Information Security Asset Risk Level Definition
|
CATEGORY |
HIGH RISK ASSET |
MEDIUM RISK ASSET |
LOW RISK ASSET |
|---|---|---|---|
|
CONFIDENTIALITY |
Persistently contains Level 1 data |
Persistently contains Level 2 data |
Contains NO persistent Level 1 or Level 2 data |
|
INTEGRITY |
Breach of data integrity could result in severe legal or financial risk to the University |
Breach of data integrity could result in substantial legal or financial risk to the University |
Not Applicable |
| Breach of data integrity causes significant impact on critical university business processes |
Breach of data integrity causes substantial impact on key university business processes |
Breach of data integrity causes impact on a limited number university business processes |
|
| Breach in system integrity could expose data that could result in putting the university in sever legal or financial risk |
Breach in system integrity could expose data that could result in putting the university in significant legal or financial risk |
Not Applicable |
|
| Breach in system integrity could put Priority 1 or Priority 2 assets at high risk of inappropriate data exposure, lack of integrity or availability |
Breach in system integrity could put Priority 1 or Priority 2 assets at high risk of inappropriate data exposure, lack of integrity or availability |
Breach in system integrity could put other Priority 3 assets at risk of inappropriate data exposure, lack of integrity or availability |
|
|
AVAILABILITY |
Service interruption puts the university at significant legal or financial risk |
Service interruption puts the university at some legal or financial risk | Not Applicable |
|
Loss of data puts the university at significant legal or financial risk |
Loss of data puts the university at some legal or financial risk | Not Applicable | |
|
Service interruption causes significant impact on critical university business processes |
Service interruption causes substantial impact on key university business processes |
Service interruption causes some impact on a limited number of university business processes |
|
|
Loss of data causes significant impact on critical university business processes |
Loss of data causes a substantial impact on key university business processes |
Loss of data causes some impact on a limited number of university business processes |
|
|
A significant amount of university resources are required to recover from a service interruptionĀ |
A substantial amount of university resources are required to recover from a service interruptionĀ |
Not Applicable |
Information Security Asset Risk Level Examples - Examples of Cal Poly applications and systems defined as high, medium and low risk assets based on the above definition.
