What information is mission-critical, where is it, and what is the impact in the event of a loss of its confidentiality, integrity, and availability?
Criticality Assessment takes your organization through the process of defining the most mission-critical information, finding where that information is located, and understanding the business impact of a loss of confidentiality, integrity, and availability. This can be used directly to ensure that information systems are properly grouped together, and that the right controls are in place around those systems.
Results come in the form of high-level descriptions of the critical information types, scores of business impact as defined by leadership, and tables showing information processing systems, hosts and networks along with their corresponding criticality scores.
We facilitate the process and generate the results through six phases of the engagement, namely:
- One-hour information criticality workshop with business leadership;
- Documentation review;
- Workshops with system managers;
- Workshops with technical staff;
- Verification and validation of information type mappings by staff; and
- Reporting and presentation.
Criticality Assessment results can also be used by other parts of Interhack's system of Cybersecurity services to establish priority and alignment with business interests. For example, a low-impact vulnerability might not come to your attention in an unprioritized report; a low-impact vulnerability on a mission-critical system, however, might be something that you do want to see -- and will, when performing Vulnerability Assessment along with Criticality Assessment.
Contact us to see how our Criticality Assessment can help you to address your concerns effectively and confidently.