Risk management: Data organization and impact analysis

Learning Guide

Risk management: Data organization and impact analysis

Start the process of implementing insider threat controls in your organization by classifying critical information by confidentiality, integrity and availability with associated impact ratings. NIST SP 800-60

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

provides sample information categories and impact definitions.

 Data Type  Confidentiality  Integrity  Availability
 Trade Secrets  High  High  Medium
 Human Resources  High  Medium  Low
 Financial  High  High  Medium

Now that your data has been defined and classified by CIA rating, identify system boundaries. Boundaries should include systems, data flow, networks, people and hard copy printouts.


  Introduction: Insider threat management guide
  Data organization and impact analysis
  Baseline management and control
  Implementation of baseline control
  Risk management audit
  Risk management references

This was first published in August 2006