Risk management: Data organization and impact analysis

This first article of the Insider Risk Management Guide explains how to data organization is the first step in implementing insider threat controls.

Start the process of implementing insider threat controls in your organization by classifying critical information by confidentiality, integrity and availability with associated impact ratings. NIST SP 800-60 provides sample information categories and impact definitions.

 Data Type  Confidentiality  Integrity  Availability
 Trade Secrets  High  High  Medium
 Human Resources  High  Medium  Low
 Financial  High  High  Medium

Now that your data has been defined and classified by CIA rating, identify system boundaries. Boundaries should include systems, data flow, networks, people and hard copy printouts.


INSIDER RISK MANAGEMENT GUIDE

  Introduction: Insider risk management guide
  Data organization and impact analysis
  Baseline management and control
  Implementation of baseline control
  Risk management audit
  Risk management references
This was first published in August 2006

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

  • Dissecting the Hack

    In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian...

  • Digital Identity Management

    In this excerpt of Digital Identity Management, authors Maryline Laurent and Samia Bousefrane discuss principles of biometrics ...

  • Becoming a Global Chief Security Executive Officer

    In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, ...

SearchNetworking

SearchDataCenter

SearchDataManagement

Close