Information Security Asset Risk Level Examples

The following tables are intended to illustrate Information Security Asset Risk Level Definitions by providing examples of typical campus systems and applications that have been classified as a high, medium and low risk asset based on those definitions.

Examples - High Risk Asset

Information Security Asset Risk Level Examples - High Risk Assets

Category

High Risk Asset Character

Data Ware-

house

PolyLearn

Fire Alarm Monitoring System

Telephone Switch Email System

Polycard

Confidentiality

Persistently contains Level 1 data

Yes No No No Yes Yes
Integrity

Breach of data integrity could result in severe legal or financial risk to the University

Yes Yes Yes Yes Yes Yes

Breach of data integrity causes significant impact on criticaluniversity business processes

Yes Yes Yes Yes Yes Yes

Breach in system integrity could expose data that could result in putting the university in severe legal or financial risk

Yes No No No Yes Yes

Breach in system integrity could put Priority 1 or Priority 2 assets at high risk of inappropriate data exposure, lack of integrity or availability

Yes Yes No Yes Yes Yes

Availability

Service interruption puts the university at some legal or financial risk

No No Yes Yes No Yes
Loss of data puts the university at significant legal or financial risk Yes No No No Yes Yes

Service interruption causes significant impact on critical university business processes

Yes Yes Yes Yes Yes Yes

Loss of data causes significant impact on critical university business processes

Yes Yes No Yes Yes Yes
A significant amount of university resources are required to recover from a service interruption Yes Yes Yes Yes Yes Yes

Examples - Medium Risk Asset

Information Security Asset Risk Level Examples - Medium Risk Assets

Category Medium Risk Asset Character Department File Server Energy Management System Library (PolyCat) FAMIS Course Catalog GIS Server

Confidentiality

Persistently contains Level 2 data

Yes No Yes No No No
Integrity

Breach of data integrity could result in substantial legal or financial risk to the University

Yes Yes Yes No Yes No

Breach of data integrity causes substantial impact on key university business processes

No Yes Yes No Yes No

Breach in system integrity could expose data that could result in putting the university in significant legal or financial risk

Yes No Yes No Yes No

Breach in system integrity could put Priority 1 or Priority 2 assets at high risk of inappropriate data exposure, lack of integrity or availability

No No No No No No

Availability

Service interruption puts the university at some legal or financial risk

No Yes No No Yes Yes
Loss of data puts the university at some legal or financial risk Yes No Yes No Yes Yes

Service interruption causes substantial impact on key university business processes

Yes Yes Yes Yes Yes No

Loss of data causes substantial impact on key university business processes

Yes No Yes Yes Yes No
A substantial amount of university resources are required to recover from a service interruption Yes Yes Yes Yes Yes Yes

Examples - Low Risk Asset

Information Security Asset Risk Level Examples - Low Risk Assets

Category Low Risk Asset Character Lab Image Server Department Specific Academic Application Fire Alarm Monitoring System

Confidentiality

Contains NO persistent Level 1 or Level 2 data

Yes No No
Integrity

Breach of data integrity causes impact on a limited number university business processes

Yes No No

Breach in system integrity could put other Priority 3 assets at risk of inappropriate data exposure, lack of integrity or availability

Yes No No

Availability

Service interruption causes some impact on a limited number of university business processes

Yes No No
Loss of data causes some impact on a limited number of university business processes Yes No No

 

Related Content

Best Practices

10 Best Pactices

Our 10 Best Pactices

Contact Us

Contact Information Security at 756-7000

Contacts

Did you know?

Stay Safe Online Tips