Professional Documents
Culture Documents
Asset Inventory Seprate
Asset Inventory Seprate
Application Information Sensitivity Potential Loss Impact User Access Controls Asset Classification
How do
Can Users View
Asset Users
or edit sensitive
Classification Sensitive Information Type Access the Access Control User Identity Proofing
Data? Confidentiality Integrity Availability User Credential Types Restricted Confidential Internal Public
(check all that (check all that apply) system? Platform (Level of Assurance)
(e.g. PII, BII,
apply) (check all
Confidential)
that apply)
Collected and Verified (Ask from users to verify and validate authentication & authorization)
Employee
Knowledge-based Authentication
documents,
transaction data, dial-up
Personal Identifiable
Business / Official
Personal Financial
National Security
Personal Medical
Social Security #
Remote Desktop
litigation brochures,
Custom (Code)
and biometrics
and soft token
unpublished numbers,
ID/Password
ID/Password
ID/Password
ID/Password
strategy advertiseme
Moderate
Moderate
Moderate
Sensitive
internally new
Internet
Intranet
Level 1:
Level 2:
Level 3:
Secure
Public
memos, reports nts, job
Other
Other
Other
High
High
High
VPN
Low
Low
Low
Yes/No generated market employee
on opening
research, training
breakthrough announcem
computer materials,
new product ents, and
passwords, internal
research, and press
identity token company
Trade Secrets releases
personal portals and
such as certain
identification internal
computer
numbers (PINs), policy
programs
and internal audit manuals
reports
Recreation program
5 talentandacquisition.com IT Marketing Senior Center & Rec X X X X X X X X Yes X X X X X X X X X X
platform
6 36 30 24 18 12 6
5 30 25 20 15 10 5
4 24 20 16 12 8 4
3 18 15 12 9 6 3
2 12 10 8 6 4 2
1 6 5 4 3 2 1
Severity
consequences of failure Defination
6 Major Loss of Production and access
5 Significant Limited capability and visibility of the critical asset
4 Important Need to execute DR
3 Notable Restore from backup,
2 Minor Change of Hard drive, RAM
1 Very Minor System reboot, UPS fail, NIC Card Failure
Department/Agency: Sensitivity Potential Loss Impact Us
Can Users View or
How do Users Access the
Data Classification Data Type edit sensitive Data? Access Control
Application Description Confidentiality Integrity Availability system?
(check all that apply) (check all that apply) (eg PII, BII, Platform
(check all that apply)
Confidential)
Sensitive (PII/Confidential)
Personal Identification
Criminal Investigation
Homeland Security
Personal Financial
(Agency Support)
Personal Medical
Social Security #
NJ State Portal
(Core Mission)
Public Safety/
Non-sensitive
GoToMyPC
Moderate
Moderate
Moderate
Sensitive
Sensitive
Extranet
Internet
Intranet
High
High
High
VPN
Low
Low
Low
Yes/No
Energy Supplemental Program Solar energy program for NJ households Yes Yes Yes Yes Yes Yes Yes Yes
Application
Description
Platform
Custom (Code)
Other
Level 1:
No Identity Proofing
Yes
Level 2:
Collected
Level 3:
Collected and Verified
User Access Controls
(Level of Assurance)
User Identity Proofing
Knowledge-based Authentication
ID/Password
ID and SMS
One Time Password
ID/Password
and soft token
ID/Password
and hard token
User Credential Types
ID/Password
and biometrics
Other