§ 995-a. Definitions. For the purposes of this article: 1.\n"Cybersecurity incident" means an event occurring on or conducted\nthrough a computer network that actually or imminently jeopardizes the\nintegrity, confidentiality, or availability of computers, information or\ncommunications systems or networks, physical or virtual infrastructure\ncontrolled by computers or information systems, or information resident\nthereon.\n 2. "Cyber threat" means any circumstance or event with the potential\nto adversely impact organizational operations, organizational assets, or\nindividuals through an information system via unauthorized access,\ndestruction, disclosure, modification of information, and/or denial of\nservice.\n 3. "Cyber threat indicator" means information that is necessary to\ndesc
Free access — add to your briefcase to read the full text and ask questions with AI
§ 995-a. Definitions. For the purposes of this article: 1.\n"Cybersecurity incident" means an event occurring on or conducted\nthrough a computer network that actually or imminently jeopardizes the\nintegrity, confidentiality, or availability of computers, information or\ncommunications systems or networks, physical or virtual infrastructure\ncontrolled by computers or information systems, or information resident\nthereon.\n 2. "Cyber threat" means any circumstance or event with the potential\nto adversely impact organizational operations, organizational assets, or\nindividuals through an information system via unauthorized access,\ndestruction, disclosure, modification of information, and/or denial of\nservice.\n 3. "Cyber threat indicator" means information that is necessary to\ndescribe or identify:\n (a) malicious reconnaissance, including anomalous patterns of\ncommunications that appear to be transmitted for the purpose of\ngathering technical information related to a cybersecurity threat or\nsecurity vulnerability;\n (b) a method of defeating a security control or exploitation of a\nsecurity vulnerability;\n (c) a security vulnerability, including anomalous activity that\nappears to indicate the existence of a security vulnerability;\n (d) a method of causing a user with legitimate access to an\ninformation system or information that is stored on, processed by, or\ntransiting an information system to unwittingly enable the defeat of a\nsecurity control or exploitation of a security vulnerability;\n (e) malicious cyber command and control;\n (f) the actual or potential harm caused by an incident, including a\ndescription of the information exfiltrated as a result of a particular\ncybersecurity threat;\n (g) any other attribute of a cybersecurity threat, if disclosure of\nsuch attribute is not otherwise prohibited by law; or\n (h) any combination thereof.\n 4. "Defensive measure" means an action, device, procedure, signature,\ntechnique, or other measure applied to an information system or\ninformation that is stored on, processed by, or transiting an\ninformation system that detects, prevents, or mitigates a known or\nsuspected cybersecurity threat or security vulnerability. The term\n"defensive measure" does not include a measure that destroys, renders\nunusable, provides unauthorized access to, or substantially harms an\ninformation system or information stored on, processed by, or transiting\nsuch information system not owned by the municipal corporation or public\nauthority operating the measure, or federal entity that is authorized to\nprovide consent and has provided consent to that municipal corporation\nor public authority for operation of such measure.\n 5. "Information system" means a discrete set of information resources\norganized for the collection, processing, maintenance, use, sharing,\ndissemination, or disposition of information.\n 6. "Municipal corporation" means:\n (a) A municipal corporation as defined in section one hundred\nnineteen-n of this chapter; or\n (b) A district as defined in section one hundred nineteen-n of this\nchapter.\n 7. "Public authority" means any state authority or local authority, as\nsuch terms are defined in section two of the public authorities law, or\nany subsidiary thereof.\n 8. "Ransom payment" means the transmission of any money or other\nproperty or asset, including virtual currency, or any portion thereof,\nwhich has at any time been delivered as ransom in connection with a\nransomware attack.\n 9. "Ransomware attack":\n (a) means an incident that includes the use or threat of use of\nunauthorized or malicious code on an information system, or the use or\nthreat of use of another digital mechanism such as a denial of service\nattack, to interrupt or disrupt the operations of an information system\nor compromise the confidentiality, availability, or integrity of\nelectronic data stored on, processed by, or transiting an information\nsystem to extort a demand for a ransom payment; and\n (b) does not include any such event in which the demand for payment\nis:\n (i) not genuine; or\n (ii) made in good faith by an entity in response to a specific request\nby the owner or operator of the information system.\n