Professional Documents
Culture Documents
Home »
Security Plan »
Information Asset Classification
UC's Electronic Information Security Policy (IS-3) defines requirements for the appropriate classification of Institutional
Information and IT Resources to ensure their confidentiality, integrity and availability.
The policy uses a risk-based approach to identify effective controls based on the need to achieve a specific
Protection Level or Availability Level. UC’s investment in security controls is commensurate with the level of need for
protection or availability of the Institutional Information.
Protection Levels:
Designed around protecting the confidentiality and integrity of institutional information and IT resources. Protection
Level Details
Availability Levels:
Designed around protecting the availability of campus institutional information and IT resources. Availability Levels
Details
Resources:
Classification Decision Tree
Mapping of Old Classification to New Classification
https://security.uci.edu/security-plan/plan-classification.html 1/2
9/23/22, 7:57 PM Information Asset Classification
© 2022 UC Regents
https://security.uci.edu/security-plan/plan-classification.html 2/2