| 1. Computer network attack. |
2. Denial/degradation of service, including distributed denial of service.
3. Unauthorized disclosure of non-public information (compromise of confidentiality).
4. Unauthorized modification to and/or destruction of data (compromise of integrity, availability).
5. Malicious code (viruses, worms, Trojan horses, unauthorized mobile code).
6. Insider threats (privilege escalation; unauthorized viewing, copying, printing, e-mailing, modification).
7. Plan must be exercised to ensure appropriateness and completeness of actions; training and readiness of personnel to recognize, respond to, contain/limit damage from, recover from and report incident.