How to Classify Security Incidents: A Comprehensive Grading Policy
This document outlines a security incident grading policy that defines purpose, scope, detailed classification across application, network, host, and data layers, and provides remarks on applicability, data‑related events, and the definition of critical (S0) vulnerabilities, helping organizations assess and prioritize security faults.
Purpose
Establish a security incident grading policy to raise security awareness and uncover the root causes of incidents.
Scope
Applicable to all subsidiaries.
Detailed Grading
Incidents are categorized by layer (application, network, host, data) and sub‑type; each entry records the discovery channel, the number of occurrences, the impact, and the resulting severity level (P1‑P4). Examples include:
Application layer – security vulnerability (S0) discovered externally, impact P1.
Network layer – unauthorized port opening reported internally/externally, severity P1.
Host layer – intrusion event reported, severity P1.
Data layer – large‑scale leakage of C3/C4 level data, impact 1% of total data, severity P1.
Remarks
This fault definition applies group‑wide; if a product line defines its own security fault level, the higher level prevails.
Data‑related security events refer to data leakage caused by system vulnerabilities.
S0 (critical vulnerability) is defined as a vulnerability that has been publicly disclosed or exploited, that affects group systems or businesses, and that may cause system intrusion, large‑scale compromise of sensitive data, loss of availability for many customer transactions, asset loss, or reputational damage.
Software Development Quality
Discussions on software development quality, R&D efficiency, high availability, technical quality, quality systems, assurance, architecture design, tool platforms, test development, continuous delivery, continuous testing, etc. Contact me with any article questions.