Get started Bring yourself up to speed with our introductory content.

Risk management: Data organization and impact analysis

This first article of the Insider Threat Management Guide explains how to data organization is the first step in implementing insider threat controls.

Start the process of implementing insider threat controls in your organization by classifying critical information...

by confidentiality, integrity and availability with associated impact ratings. NIST SP 800-60 provides sample information categories and impact definitions.

 Data Type  Confidentiality  Integrity  Availability
 Trade Secrets  High  High  Medium
 Human Resources  High  Medium  Low
 Financial  High  High  Medium

Now that your data has been defined and classified by CIA rating, identify system boundaries. Boundaries should include systems, data flow, networks, people and hard copy printouts.


  Introduction: Insider threat management guide
  Data organization and impact analysis
  Baseline management and control
  Implementation of baseline control
  Risk management audit
  Risk management references
This was last published in August 2006

Dig Deeper on Security Awareness Training and Internal Threats-Information



Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.







  • CIO Trends #6: Nordics

    In this e-guide, read how the High North and Baltic Sea collaboration is about to undergo a serious and redefining makeover to ...

  • CIO Trends #6: Middle East

    In this e-guide we look at the role of information technology as the Arabian Gulf commits billions of dollars to building more ...

  • CIO Trends #6: Benelux

    In this e-guide, read about the Netherlands' coalition government's four year plan which includes the term 'cyber' no fewer than ...