Reviewing Critical Systems and Information
If your organization has not sufficiently identified its critical information and systems, this is the point where you’re going to want to roll up your sleeves and find out what’s most important. Although there are different ways to accomplish this, the best way we have discovered is to follow the methodology laid out by the National Security Agency (NSA) Information Assessment Methodology (IAM). They have developed a quick and easy way to nail down what is critical. It’s a qualitative type assessment that ranks the system by confidentiality, integrity, and availability. There are two types of criticalities that we will be discussing:
Organization Information Criticality Matrix (OICM)
Systems Criticality ...