Expert Advice Community

Guest

Mapping between Asset value “CIA “ and the information classification

  Quote
Guest
Guest user Created:   Sep 22, 2020 Last commented:   Sep 22, 2020

Mapping between Asset value “CIA “ and the information classification

Could you please clarify the mapping between Asset value “CIA “  and the information  classification because is not clearly defined in the Advisera asset classification page and we have to mentioned a mapping in the information classification policy. The link between CIA and the information  classification.
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Sep 22, 2020

Please note that ISO 27001 specifies that the CIA is related to risks (6.1.2 c 1), and to consequences (6.1.2 d 1), not to assets, and that for information classification, the asset value is defined in terms of legal requirements, value, criticality, and sensitivity to compromise due to realized risks, not by the CIA.

Considering that, the reason why we do not have such mapping is that it is not prescribed by the standard, and it only complicates the things (like risk assessment and information classification), because different levels of CIA can be associate to the same classification level and vice-versa.

Regarding mapping, what you can do is use in the Information Classification Policy the impact value for the asset, identified in the risk assessment,  as the basis for the classification.

To see how an Information Classification Policy compliant with ISO 27001 looks like, please access the template demo in this link: https://advisera.com/27001academy/documentation/information-classification-policy/

This article can be interesting for you
-Information classification according to ISO 27001 : https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Sep 21, 2020

Sep 21, 2020