Information System Categorization
Categorization of the information system is based on an impact analysis. It is performed to determine the types of information included within the security authorization boundary, the security requirements for the information types, and the potential impact on the organization resulting from a security compromise. The result of the categorization is used as the basis for developing the security plan, selecting security controls, and determining the risk inherent in operating the system.
Certified Authorization Professional (CAP®) Candidate Information Bulletin, November 2010
- Defining Sensitivity
- Data Sensitivity and System Sensitivity
- Sensitivity Assessment Process
- Data Classification Approaches ...