Cybersecurity Protocol for International Arbitration (2020) (Part 2)

Schedule C

Sample Information Security Measures

Schedule C supplements Principles 7 and 8 and includes non-exhaustive examples of specific information security measures that the parties may agree to, or the tribunal may impose, for particular arbitration matters. The measures listed here may not need to be adopted in their entirety in any individual matter, as certain measures may be viewed as alternatives to each other or as part of a complementary system. Further, because information security is changing rapidly, different or new best practices may emerge and the sample measures outlined here may be superseded or become outdated over time.

Schedule C builds upon Schedule A, which addresses general security measures that may be adopted as a regular business practice. Thus, the measures suggested here for possible adoption in individual matters should be considered in conjunction with any systems, processes, policies, and procedures already in place as part of regular business operations and in consultation with any information technology or information security professionals whose organizations are involved in the dispute and may be impacted by agreed-upon procedures.

1.    Asset Management

(a)   Limiting exchanges of, and access to, information about the dispute to individuals on a “need to know” basis.

(b)   Adopting protective measures, such as redaction (also known as masking) or pseudonymization, before the exchange of information with respect to data classified within the arbitration as higher risk.

(c)    Labeling confidential or sensitive data (e.g., by adding appropriate confidentiality legends by Bates stamp or to a document name). Examples of such legends include categories such as “confidential,” “highly sensitive,” “attorneys’ eyes only” and the like, as well as categories specific to the arbitration.

(d)    Not sharing disclosure material with the arbitral tribunal or the administering institution, except in respect to disclosure disputes or as required for evidentiary purposes, in which case limiting the material shared to what is relevant to, and necessary for, the tribunal’s resolution of the dispute.

(e)   Using a secure share site or cloud platform to share information and documents related to the dispute.

(f)     Restricting use of public networks to access, store, or transmit arbitration-related information.

(g)    Agreeing that the parties’ respective networks shall be accessed on a remote basis solely through a secure VPN.

(h)   Maintaining backups of arbitration material during the pendency of the matter.

(i)      Limiting the amount of time that information related to the dispute will be retained after the completion of the matter, and providing for a procedure at the conclusion of the arbitration process for such information, regardless of how stored, to be returned to the originating party, or permanently destroyed and deleted, with a process for certification of compliance.

2.    Access Controls

(a)    Restricting access to arbitration-related information on a least-privilege and need-to-know basis, or limiting certain information to attorneys’ eyes only.

(b)   Agreeing on how passwords to share file sites will be communicated (typically through a separate means of communication), password protecting specific documents, and/or on expiration limits for access.

(c)    Using multi-factor authentication for remote access or access to networks, systems, or platforms that may contain confidential or sensitive information related to the dispute.

(d)   Conducting periodic reviews of access control lists for the systems or networks where information related to the dispute will be stored and disabling access for persons who no longer have a need to know, for example, persons who leave the employ of a party.

(e)   Imposing limitations on downloading and printing hard-copy documents regarding the matter.

3.    Encryption

(a)    Requiring information at rest, i.e., stored data, to be encrypted.

(b)   Requiring information at rest, i.e., stored data, to be encrypted using zero-knowledge encryption.

(c)     Agreeing to encrypt information in transit.

(d)   Agreeing to encrypt devices (e.g., USB drives, hard drives) on which information related to the matter is stored or exchanged.

4.    Communications Security

(a)   Providing for procedures concerning how communications will occur between and among the tribunal, the parties, and the administering institution in order to protect the integrity of such communications, including: (i) the transmission of communications, pleadings, and evidence by the parties; (ii) communications among arbitrators; and (iii) communications between the arbitrators and any administering institutions.

(b)   Using business or enterprise-level email accounts, not free consumer or personal email services, for any emails regarding this matter.

(c)    Using business or enterprise-level document sharing systems or software, not free consumer or personal storage or sharing, for any shared documents.

(d)   Restricting the use of email files or attachments to transmit confidential or sensitive information, unless such email is end-to-end encrypted and the attachments are password-protected, with passwords to be transmitted by a separate means of communication such as text message or voicemail.

(e)   In the case of a shared third-party cloud platform, agreeing on who will have access to the platform, for how long, what privileges different users will have with respect to the data, requirements for user passwords, multi-factor authentication, and remote access, as well as what vulnerability monitoring will take place.

(f)     Using a shipping method with signature and tracking mechanism for delivery of any packages, drives, devices, or hard copy materials related to the dispute.

(g)   Limiting or excluding the use of certain types of media, e.g., prohibiting the use of portable drives to store arbitration data, or allowing only encrypted and password protected portable drives.

(h)   Using secure telecommunication methods for all voice calls relating to the arbitration.

5.    Physical and Environmental Security

(a)   Taking care to prevent loss or theft of devices, including portable storage devices, and having the ability to remotely “wipe” those devices if they are lost or stolen.

(b)   Taking steps to secure information contained in paper copies of arbitration-related data.

(c)    Considering security measures for any hearing rooms, “war rooms,” and breakout rooms, which may be located in public buildings such as hotels.

(d)   Using privacy screens for laptops and mobile devices when accessing arbitration-related materials while in transit or in public places.

(e)   Configuring laptops and mobile devices to automatically lock the screen after a certain period of inactivity.

6.    Operations Security

(a)   Patching all systems or devices that house arbitration-related information promptly when patches are issued.

(b)   Monitoring for system vulnerabilities and reporting any discovered vulnerabilities to the other participants in the arbitration promptly after discovery of any vulnerability in accordance with any applicable law, regulatory regime, or any incident response plan agreed to for the arbitration.

7.    Information Security Incident Management

(a)   Taking into account any applicable regulatory regime or professional ethical obligations and the parties’ existing infrastructure, putting in place measures to address any information security incident that may occur over the course of the arbitration. (Schedule E includes resources that may be consulted in developing an incident response plan.)

(b)   Defining procedures and expectations for any notice to be provided to parties, arbitrators, arbitral institutions, or regulators regarding information security incidents related to the arbitration. Such procedures and expectations should include, among other things, the definition of an “incident” that would give rise to notification obligations, the timing of any such notice (usually triggered upon discovery of the incident), the method of providing notice, and the recipient for such notice.

(c)    Agreeing to reasonably cooperate regarding any investigation and/or remediation of any information security incident related to the arbitration.

(d)   Agreeing on the parties’ rights and obligations concerning any public statements made about any information security incident related to the arbitration.

Schedule D

Sample Language

A. Arbitration Agreement Language

It is not generally recommended that parties provide for specific information security measures in their arbitration agreements. First, prevailing cyber risks and technology, including technical measures available to guard against those risks, may change materially by the time a dispute arises. Second, the decision to adopt particular information security measures for an arbitration should be informed by analysis of the risk profile of the dispute and any ensuing arbitration and what is reasonable given the circumstances.

This being said, parties may want to provide generally in their arbitration agreement that reasonable security measures will be employed in the conduct of the arbitration. The following language would be appropriate for inclusion in the arbitration agreement to achieve that end:

The Parties shall take reasonable measures to protect the security of the information processed in relation to the arbitration, taking into consideration, as appropriate, the ICCA-NYC Bar-CPR Cybersecurity Protocol for International Arbitration.

B. Agenda of the Initial Case Management Conference or Preliminary Hearing

If information security has not already been addressed before the preliminary hearing or case management conference, it should be placed on the agenda for the conference. Language along the following lines could be considered for the agenda:

The Parties should be prepared to address information security at the case management conference, and are invited to consider the ICCA-NYC Bar-CPR Cybersecurity Protocol for International Arbitration. The Parties shall confer in advance of the conference and advise the Tribunal of any agreement or points of disagreement with respect to what information security measures are reasonable for the arbitration, including whether the Tribunal should order that any particular information security measures be taken to safeguard the security of arbitration-related information.

C. Information Security Measures

Taking into account any agreement of the parties with respect to reasonable information security measures, and after consideration of the parties’ respective positions with respect to whether additional measures are required, the tribunal may decide to address information security in a number of ways. We have suggested below some language that may be considered or adapted for a procedural order.

1. Parties Agree Reasonable Information Security Measures for the Arbitration

In preparation for the case management conference, the Parties were invited to consider information security for the arbitration, including whether the Tribunal should order that any particular information security measures be taken to safeguard the security of arbitration-related information. Having had an opportunity to fully consider the issue, the Parties have agreed to employ the additional information security measures set forth in the Schedule to this Order when processing arbitration-related information during this proceeding. Each Party shall also maintain information security measures that are at least as robust as those that they follow in the normal course of business at the time of this Order when conducting this arbitration.

In addition, before exchanging sensitive personal or other data (including, but not limited to, social security or national identification numbers, financial account details, and birth dates), the Parties shall reduce the amount of sensitive data that is processed to that which is necessary and shall confer regarding redacting or otherwise masking that data to protect it from unnecessary disclosure in the arbitration. The Parties shall refrain from submitting any such information to the Tribunal in unredacted form absent prior approval of the Tribunal in consideration of the Parties’ legitimate interests, including the relevance of the unredacted information.

2. Tribunal Prescribes Reasonable Information Security Measures for the Arbitration

In preparation for the case management conference, the Parties were invited to consider information security for the arbitration, including whether the Tribunal should order that any particular information security measures be taken to safeguard the security of arbitration-related information. Having had an opportunity to fully consider the issue, the Parties were unable to agree. Therefore, after consideration of the Parties’ respective positions with respect to what security measures are reasonable for this matter, the Tribunal orders the Parties to employ the information security measures set forth in the Schedule to this Order when processing arbitration-related information during this proceeding. Each Party shall also maintain information security measures that are at least as robust as those that they follow in the normal course of business at the time of this Order when conducting this arbitration.

3. Parties Agree Existing Information Security Measures Are Reasonable for the Arbitration

In preparation for the case management conference, the Parties were invited to consider information security for the arbitration, including whether the Tribunal should order that any particular information security measures be taken to safeguard the security of arbitration-related information. Having had an opportunity to fully consider the issue, the Parties agree that: (i) the security measures that they follow in the normal course of business are reasonable for the arbitration; and (ii) no additional information security measures are warranted for purposes of conducting this arbitration. Each Party shall maintain information security measures that are at least as robust as those in place at the time of this Order when conducting this arbitration.

In addition, before exchanging sensitive personal or other data (including, but not limited to, social security or national identification numbers, financial account details, and birth dates), the Parties shall reduce the amount of sensitive data that is exchanged to that which is necessary and shall confer regarding redacting or otherwise masking that data to protect it from unnecessary disclosure in the arbitration. The Parties shall refrain from submitting any such information to the Tribunal in unredacted form absent prior approval of the Tribunal in consideration of the Parties’ legitimate interests, including the relevance of the unredacted information.

D. Post-Arbitration Dispute Resolution Clause

When parties enter into information security agreements in relation to an arbitration, they should consider that the arbitral tribunal may be functus officio at the time that a dispute arises under the agreement. The parties therefore may consider including language in any information security agreement they may enter into addressing the resolution of any disputes related thereto after the arbitral tribunal becomes functus officio:

Upon the Tribunal rendering a final award or otherwise being functus officio, any dispute relating to information security, including, without limitation, disputes relating to data breach or incident response arising out of or relating to this Agreement, including the interpretation, breach, termination, or validity thereof, shall be finally resolved by arbitration in accordance with the [select applicable rules]. The seat of the arbitration shall be [place of arbitration]. The language of the arbitration shall be [select language]. There shall be one arbitrator [selected in accordance with the applicable rules] [who shall have experience relating to cybersecurity].

Schedule E

Selected Reference

(Omitted)

Schedule F Glossary

Well-known information security glossaries are cited in Schedule E. Below is a list of terms specifically defined in the Protocol.

Administering institution. Administering institution, or institution, refers to any institution administering the arbitration and the individual representatives of the institution.

Arbitral tribunal. Arbitral tribunal, or tribunal, refers to a sole arbitrator or a panel of arbitrators.

Availability. Availability can be understood as a promise of reliable access to certain information by authorized individuals.

Confidentiality. Confidentiality can be understood as a set of rules or restrictions that limits access to certain information.

Cybersecurity. Cybersecurity concerns the means employed to maintain the confidentiality, integrity, and availability of digital information and is one aspect of information security.

Information security. Information security includes security for all types and forms of electronic and non-electronic information and includes both commercial and personal data.

Integrity. Integrity can be understood as an assurance that certain information is trustworthy and accurate.

Party. Party, or parties, refers to the parties to the arbitration and their counsel or other representatives.

Personal data. Personal data is a broad concept used in many of the data protection legal regimes that are proliferating around the globe. Typically, it is defined to include information of any nature whatsoever that standing alone or as linked to other information could be used to identify an individual (including, for example, work-related e-mails, lab notebooks, agreements, handwritten notes, etc.), but the exact definition and scope of personal data may vary from jurisdiction to jurisdiction. Another common term for such information is “personally identifiable information” (“PII”).

Processing. Processing broadly refers to anything that is done to, or with, arbitration-related information. It includes automated and non-automated operations, such as the collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment or combination, restriction, erasure, or destruction.

Security breach. A security breach is a security incident that results in unauthorized access to data and requires that notice be given to persons whose data has been compromised. Whether a particular security incident constitutes a security breach will depend on applicable law.

Security incident. Security incident refers to an event that may have compromised the confidentiality, integrity, or availability of data or systems, such as a malware infection, loss or theft of equipment, denial of service attack, or a phishing attempt.
