Versions Compared

Old Version 1

changes.mady.by.user Himanshu Dwivedi

Saved on

compared with

New Version 2

changes.mady.by.user Himanshu Dwivedi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Status Definitions:

...

Closed - Fixed

...

Severity Definitions:

TitleDescription
HighThe type of data exposed is considered regulated PII, PCI, PHI, PFI, Confidential, Sensitive, or Private. Further, the exposure will lead to brand/reputational damage, compliance issues, and/or financial losses.
MediumThe type of data exposed may be considered regulated PII, PCI, PHI, PFI, Confidential, Sensitive, or Private. Further, the exposure may lead to brand/reputational damage, compliance issues, and/or financial losses.
LowThe type of data exposed could be considered regulated PII, PCI, PHI, PFI, Confidential, Sensitive, or Private. Further, the exposure could lead to brand/reputational damage, compliance issues, and/or financial losses.

...

Exploit-ability Definitions:

TitleDescription
EasyThe data exposure is easy to exploit.
ModerateThe data exposure is moderately difficult to exploit.
DifficultThe data exposure is difficult to exploit
.

Date Type Descriptions:

TitleDescriptionPublicData is classified as public when unauthorized disclosure, alternation, or destruction would result in little or no exposure to an organization.PrivateEmployee information, such as salary information, home addresses, Passwords, PINs, Passcodes, Usernames/User IDs,  Call Information/History, SMS Information/History, Browsing Info/History, Geolocation Data, Account Numbers, Bill Pay Information, Secret Questions, Passport Numbers, Mother's Maiden Names, Phone Number, Driver License Number, SSNs, Date of Birth etc.ConfidentialTrade secrets, Intellectual property, financial information, company information, etc
.
PFI: Personal Financial InformationFinancial account number, credit score, account balances, Check Images

PHI: Protected Health Information

Medical diagnosis codes, disease names, medication names, patient names, medical record number (MRN)PII: Personality Identifiable InformationSocial security number, national identification number, driver’s license number, email address, home address, phone number, Device IDs (UDID)PCI: Payment Card IndustryCredit card numbers, Card Verification Value (CVV), expiration date