Data Classification or Business Impact Assessment (BIA)

The BIA is an integral component of the Information Risk Management service. The aim of this services is to provide a methodology to define and classify a criticality of an application or system as:

Confidentiality: Protecting sensitive information from unauthorised disclosure or intelligible interception.

Integrity: Safeguarding the accuracy, completeness, and timeliness of information, IT systems and computer software (including the ability to audit).

Availability: Ensuring that information and vital services are accessible to authorised users when required.

This methodology focused in assessing the business risk associated with the system by evaluating the business consequences and impact of a loss of the confidentiality, integrity and availability of information:

- To determine the maximum severity of a loss of the confidentiality, integrity and availability of information.

- To classify the system as a whole in terms of its importance to the business and hence the level of protection needed.

Why do you need such services ?

The data classification involves obtaining a thorough understanding of the organisation and the essential technologies, communications systems, vital records, data and IT resources necessary to support key business processes. It assess what the impact of incidents would be from a business perspective.

Which Benefit for you?

Such approach has several organisational benefit which can be highlighted as:

- Better understanding of the critical business components (technology) in the organisation.

- Set the level of applications/infrastructures SLA based on the business perception.

- Improved financial performance by decreasing the number of and impact of critical components.

- Better service delivery by reducing disaster and surprises.

- Cost control on appropriate infrastructure design. It helps to identify the appropriate level of protection needed.

- Having a map of critical components of your organisation for Confidentiality, Integrity and Availability applications.

- More flexible and responsive with managing risks to critical organisation components.

- Better internal and external perception with dealing risks and the way it is managed.

- Can be embedded to your BCM and Information Security management activities.

Data Classification will help you

- Generates a comprehensive list of information assets and analysis of their relative importance.

- Identifies risks to those assets; reviews existing controls and identifies needed controls.

- Provides experience implementing information security risk assessments for future use.
© 2014 IRM-Advisors Contact Us