InfoSecBulletin Cybersecurity for mankind
China proposed a four-tier classification to respond to data security incidents, showing its concern about data leaks and hacking in the country.
The plan is due to increased tensions with the United States and its allies. It follows an incident where a hacker claimed to have gotten a large amount of personal information on one billion Chinese from the Shanghai police.
Kaspersky report
Bangladesh faces over 34,000 ransomware attacks
FortiOS & FortiProxy SSL-VPN Flaw Allows IP Spoofing
Ransomware Activities this week: Threatmon report
ALERT
CISA Releases Four Industrial Control Systems Advisories
Microsoft May 2024 Patch Tuesday fixes 61 flaws 2 zero-days
Newly circulated reserve theft is false: Bangladesh Bank
Bangladesh bank published CBS guideline Version 2.0
Fortinet report
Attackers exploiting vulnerabilities 50% faster, just 4.76 days
TechCrunch report
Indian gov.t sites compromised to plant online betting ads
Damage Costs Predicted To Exceed $265 Billion By 2031
Ransomware expected to attack every 2 seconds by 2031
ALSO READ:
5 Islamic banks risk of being frozen out of certain transactions
China’s Ministry of Industry and Information Technology (MIIT) published a detailed draft plan laying out how local governments and companies should assess and respond to incidents.
The plan is seeking public opinions. It suggests a four-tier, color-coded system based on the level of harm to national security, a company’s online and information network, or the functioning of the economy.
Incidents will be considered “especially grave” if they cause losses over 1 billion yuan ($141 million) and affect the personal information of more than 100 million people, or the “sensitive” information of over 10 million people. In these cases, a red warning must be issued.
According to the plan, when there are red or orange warnings, the companies and local regulatory authorities must create a 24-hour work schedule to handle the incident. They also need to inform MIIT of the data breach within ten minutes of it happening, along with other actions.
“If the incident is judged to be grave… it should be immediately reported to the local industry regulatory department, no late reporting, false reporting, concealment or omission of reporting is allowed,” MIIT said.
