Chapter 2

Information System Categorization

Categorization of the information system is based on an impact analysis. It is performed to determine the types of information included within the security authorization boundary, the security requirements for the information types, and the potential impact on the organization resulting from a security compromise. The result of the categorization is used as the basis for developing the security plan, selecting security controls, and determining the risk inherent in operating the system.
Certified Authorization Professional (CAP®) Candidate Information Bulletin, November 2010


  • Defining Sensitivity
  • Data Sensitivity and System Sensitivity
  • Sensitivity Assessment Process
  • Data Classification Approaches ...

Get Official (ISC)2 Guide to the CAP CBK, 2nd Edition now with O’Reilly online learning.