China proposed a four-tier classification to respond to data security incidents, showing its concern about data leaks and hacking in the country.
The plan is due to increased tensions with the United States and its allies. It follows an incident where a hacker claimed to have gotten a large amount of personal information on one billion Chinese from the Shanghai police.
By infosecbulletin
/ Thursday , September 5 2024
CISCO released security updates for two critical security flaws impacting its smart Licensing Utility that could allow unauthenticated, remote attackers...
Read More
By infosecbulletin
/ Wednesday , September 4 2024
OpenBAS is a platform that helps organizations to plan, schedule, and conduct crisis exercises, adversary simulations, and breach simulations. OpenBAS...
Read More
By infosecbulletin
/ Wednesday , September 4 2024
Zyxel has released software updates to fix a serious security issue in certain access point (AP) and security router versions....
Read More
By infosecbulletin
/ Tuesday , September 3 2024
VMware released a security advisory for a major vulnerability in the VMware Fusion product. This vulnerability could be exploited by...
Read More
By infosecbulletin
/ Tuesday , September 3 2024
Indian Computer Emergency Response Team (CERT-IN) issued advisories about multiple vulnerabilities in various Palo Alto Networks applications. Attackers could exploit...
Read More
By infosecbulletin
/ Tuesday , September 3 2024
Malaysia is quickly becoming a leading choice for investing in data centers. It aims to generate RM3.6 billion (US$781 million)...
Read More
By infosecbulletin
/ Tuesday , September 3 2024
US authorities have issued a cybersecurity advisory about a ransomware group called RansomHub. The group is thought to have stolen data...
Read More
By infosecbulletin
/ Tuesday , September 3 2024
There is a new way to attack Atlassian Confluence using the vulnerability CVE-2023-22527. The Confluence Data Center and Server products...
Read More
By infosecbulletin
/ Tuesday , September 3 2024
The Cicada3301 ransomware is made in Rust and attacks Windows and Linux/ESXi hosts. Truesec researchers examined a version that targets...
Read More
By infosecbulletin
/ Tuesday , September 3 2024
Lloyds Bank and Virgin Money's internet banking services were down on Monday, causing trouble for users to access and view...
Read More
ALSO READ:
5 Islamic banks risk of being frozen out of certain transactions
China’s Ministry of Industry and Information Technology (MIIT) published a detailed draft plan laying out how local governments and companies should assess and respond to incidents.
The plan is seeking public opinions. It suggests a four-tier, color-coded system based on the level of harm to national security, a company’s online and information network, or the functioning of the economy.
Incidents will be considered “especially grave” if they cause losses over 1 billion yuan ($141 million) and affect the personal information of more than 100 million people, or the “sensitive” information of over 10 million people. In these cases, a red warning must be issued.
According to the plan, when there are red or orange warnings, the companies and local regulatory authorities must create a 24-hour work schedule to handle the incident. They also need to inform MIIT of the data breach within ten minutes of it happening, along with other actions.
“If the incident is judged to be grave… it should be immediately reported to the local industry regulatory department, no late reporting, false reporting, concealment or omission of reporting is allowed,” MIIT said.