Expert Advice Community

Guest

How to calculate confidentiality, integrity and availability values of people

  Quote
Guest
Guest user Created:   Mar 20, 2016 Last commented:   Mar 20, 2016

How to calculate confidentiality, integrity and availability values of people

How to calculate the confidentiality, integrity and availability values of people assets.
0 0

Assign topic to the user

ISO 27001 INFORMATION CLASSIFICATION POLICY

Define the classification levels and how to protect the information.

ISO 27001 INFORMATION CLASSIFICATION POLICY

Define the classification levels and how to protect the information.

Guest
Antonio Jose Segovia Mar 20, 2016

Answer:
I will give you an easy example (considering a scale of values from 0 to 2, being 2 the greater):

Asset: system administrator
Threat 1: Unavailability of the person (related to the availability); vulnerability: no replacement for the position of this person.
Consequences (based on the lack of availability of this person) = 1
Likelihood = 1
Risk = 1 + 1 = 2

Threat 2: Frequent errors (related to the integrity); vulnerability: lack of training.
Consequences (based on the lack of integrity of this person) = 1
Likelihood = 2
Risk = 1 + 2 = 3

Threat 3: Illegal processing of data (related to the confidentiality); vulnerability: lack of monitoring mechanisms.
Consequences (based on the lack of confidentiality of this person) = 2
Likelihood = 0
Risk = 2 + 0 = 2

Quote
0 2

Comment as guest or Sign in

HTML tags are not allowed

Mar 20, 2016

Mar 20, 2016