Chapter 3. Risk Mitigation Strategies and Controls
This chapter covers the following topics:
Categorize Data Types by Impact Levels Based on CIA: This section includes a discussion of CIA and FIPS 199 levels.
Incorporate Stakeholder Input into CIA Impact-Level Decisions: This section covers why stakeholder input should be obtained and factored into the decisions made.
Determine the Aggregate CIA Score: This section discusses using the FIPS 199 nomenclature to calculate the aggregate score.
Determine Minimum Required Security Controls Based on Aggregate Score: This section discusses using the aggregate score to help select security controls.
Select and Implement Controls Based on CIA Requirements and Organizational Policies: This section discusses ...