Chapter 2

Information System Categorization

Categorization of the information system is based on an impact analysis. It is performed to determine the types of information included within the security authorization boundary, the security requirements for the information types, and the potential impact on the organization resulting from a security compromise. The result of the categorization is used as the basis for developing the security plan, selecting security controls, and determining the risk inherent in operating the system.

Certified Authorization Professional (CAP®) Candidate Information Bulletin, November 2010

Topics

Defining Sensitivity
Data Sensitivity and System Sensitivity
Sensitivity Assessment Process
Data Classification Approaches ...

Get Official (ISC)2® Guide to the CAP® CBK®, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Official (ISC)2® Guide to the CAP® CBK®, 2nd Edition by Patrick D. Howard

Information System Categorization

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly