Professional Documents
Culture Documents
Information Security
Joel Morrobel
Information Asset
An Information Asset is a definable piece of information,
stored in any manner which is recognized as 'valuable' to the
organization.
The
information
which
comprises
an
Information Asset, may be little more than a prospect name
and address file; or it may be the plans for the release of the
latest in a range of products to compete with competitors.
Irrespective, the nature of the information assets
themselves, they all have one or more of the following
characteristics:
Information Security
Information security is the process of
protecting information. It protects its
availability, privacy and integrity.
The CIA:
Information Security Principles
Confidentiality
Allowing only authorized subjects access to
information
Integrity
Allowing only authorized subjects to modify
information
Availability
Ensuring that information and resources
are accessible when needed
Reverse CIA
Confidentiality
Preventing unauthorized subjects from
accessing information
Integrity
Preventing unauthorized subjects from
modifying information
Availability
Preventing information and resources from
being inaccessible when needed
Information Classification
Not all information has the
same value
Need to evaluate value based on CIA
Value determines protection level
Protection levels determine procedures
Labeling informs users on handling
Example:
Information Classification
Government classifications:
Top Secret
Secret
Confidential
Sensitive but Unclassified
Unclassified
Information Classification
Private Sector classifications:
Confidential
Private
Sensitive
Public
Information Classification
Criteria:
Value
Age
Useful Life
Personal Association