Information Security Asset Risk Level Definition

Information Security Asset Risk Levels Defined
An asset is classified at the defined risk level if any one of the characteristics listed in the column is true.

CATEGORY

HIGH RISK ASSET

MEDIUM RISK ASSET

LOW RISK ASSET

CONFIDENTIALITY

Persistently contains Level 1 data

Persistently contains Level 2 data

Contains NO persistent Level 1 or Level 2 data

INTEGRITY

Breach of data integrity could result in severe legal or financial risk to the University

Breach of data integrity could result in substantial legal or financial risk to the University

Not Applicable

Breach of data integrity causes significant impact on critical university business processes

Breach of data integrity causes substantial impact on key university business processes

Breach of data integrity causes impact on a limited number university business processes

Breach in system integrity could expose data that could result in putting the university in sever legal or financial risk

Breach in system integrity could expose data that could result in putting the university in significant legal or financial risk

Not Applicable

Breach in system integrity could put Priority 1 or Priority 2 assets at high risk of inappropriate data exposure, lack of integrity or availability

Breach in system integrity could put Priority 1 or Priority 2 assets at high risk of inappropriate data exposure, lack of integrity or availability

Breach in system integrity could put other Priority 3 assets at risk of inappropriate data exposure, lack of integrity or availability

AVAILABILITY

Service interruption puts the university at significant legal or financial risk

Service interruption puts the university at some legal or financial risk Not Applicable

Loss of data puts the university at significant legal or financial risk

Loss of data puts the university at some legal or financial risk Not Applicable

Service interruption causes significant impact on critical university business processes

Service interruption causes substantial impact on key university business processes

Service interruption causes some impact on a limited number of university business processes

Loss of data causes significant impact on critical university business processes

Loss of data causes a substantial impact on key university business processes

Loss of data causes some impact on a limited number of university business processes

A significant amount of university resources are required to recover from a service interruption 

A substantial amount of university resources are required to recover from a service interruption 

Not Applicable

Information Security Asset Risk Level Examples - Examples of Cal Poly applications and systems defined as high, medium and low risk assets based on the above definition.

Related Content

Best Practices

10 Best Pactices

Our 10 Best Pactices

Contact Us

Contact Information Security at 756-7000

Contacts

Did you know?

Stay Safe Online Tips