
	Home > Risk management: Data organization and impact analysis

Learning Guide:

EMAIL THIS

Risk management: Data organization and impact analysis

30 Aug 2006 | SearchSecurity.com

Digg This!

StumbleUpon

Del.icio.us

Start the process of implementing insider threat controls in your organization by classifying critical information by confidentiality, integrity and availability with associated impact ratings. NIST SP 800-60 provides sample information categories and impact definitions.

Data Type	Confidentiality	Integrity	Availability
Trade Secrets	High	High	Medium
Human Resources	High	Medium	Low
Financial	High	High	Medium

Now that your data has been defined and classified by CIA rating, identify system boundaries. Boundaries should include systems, data flow, networks, people and hard copy printouts.

INSIDER THREAT MANAGEMENT GUIDE

Introduction: Insider threat management guide

Data organization and impact analysis

Baseline management and control

Implementation of baseline control

Risk management audit

Risk management references

BROWSE BY TAG

Security Awareness Training and Internal Threats, Information Security Management, Enterprise Risk Management: Metrics and Assessments, VIEW ALL TAGS

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Security Awareness Training and Internal Threats
	Creating a HIPAA employee training program
	Successful rogue antivirus hinges on social engineering
	External attacks start with unintentional mistakes, survey finds
	Security technologies fail to address insider threat management
	Data breach avoidance begins with security basics, panel says
	Monitoring program data and internal controls for risk management
	Software security threats and employee awareness training
	Twitter risks, Facebook threats trouble security pros
	Social engineering training could disrupt botnet growth
	How to write a risk methodology that blends business, security needs

Enterprise Risk Management: Metrics and Assessments

How to avoid Internet liability lawsuits

Bruce Jones: Report Security and Risk Metrics in a Business-Friendly Way

Bernie Rominski: Communicate Effectively with Management about Risk

Best Policy and Risk Management Products

Monitoring program data and internal controls for risk management

Risk management strategy for an information technology solution provider

Align your data protection efforts with GRC

The basics of enterprise GRC project management

RSA council addresses growing security risks in the cloud

How to write a risk methodology that blends business, security needs

Enterprise Risk Management: Metrics and Assessments Research

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

dumpster diving (SearchSecurity.com)

Honeynet Project (SearchSecurity.com)

insider threat (SearchSecurity.com)

National Computer Security Center (SearchSecurity.com)

pretexting (SearchCIO.com)

shoulder surfing (SearchSecurity.com)

single-factor authentication (SFA) (SearchSecurity.com)

social engineering (SearchSecurity.com)

Total Information Awareness (SearchSecurity.com)

trusted computing (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search Additional Security Research and Solutions

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2003 - 2009, TechTarget \| Read our Privacy Policy