Section 4-13.1-1-1.5 - "Cybersecurity incident"(a) "Cybersecurity incident" means a malicious or suspicious occurrence that consists of one (1) or more of the categories of attack vectors described in subsection (b) and defined on the office's Internet web site that: (1) jeopardizes or may potentially jeopardize the confidentiality, integrity, or availability of an information system, an operational system, or the information that such systems process, store, or transmit;(2) jeopardizes or may potentially jeopardize the health and safety of the public; or(3) violates security policies, security procedures, or acceptable use policies.(b) A cybersecurity incident may consist of one (1) or more of the following categories of attack vectors: (2) Business email compromise.(3) Vulnerability exploitation.(4) Zero-day exploitation.(5) Distributed denial of service.(7) Other sophisticated attacks as defined by the chief information officer and that are posted on the office's Internet web site.