Feature

Risk management: Data organization and impact analysis

This first article of the Insider Risk Management Guide explains how to data organization is the first step in implementing insider threat controls.

Published: 30 Aug 2006

Start the process of implementing insider threat controls in your organization by classifying critical information by confidentiality, integrity and availability with associated impact ratings. NIST SP 800-60 provides sample information categories and impact definitions.

Data Type	Confidentiality	Integrity	Availability
Trade Secrets	High	High	Medium
Human Resources	High	Medium	Low
Financial	High	High	Medium

Now that your data has been defined and classified by CIA rating, identify system boundaries. Boundaries should include systems, data flow, networks, people and hard copy printouts.

INSIDER RISK MANAGEMENT GUIDE

Introduction: Insider risk management guide

Data organization and impact analysis

Baseline management and control

Implementation of baseline control

Risk management audit

Risk management references

Risk management: Data organization and impact analysis

This first article of the Insider Risk Management Guide explains how to data organization is the first step in implementing insider threat controls.

Read more on IT risk management

Microsoft enhanced Recall security, but will it be enough?

Insider threat hunting best practices and tools

Rapid7 discloses more F5 BIG-IP vulnerabilities

How to prepare for malicious insider threats