Disaster preparedness and planning involves the development of response programs to be used in case of a disaster. This involves the development of emergency management programs and activities as well as staffing and equipping regional response centers. The overall accountability rating for this information classification is Low.
Confidentiality level = Low
The confidentiality impact level is the effect of unauthorized disclosure of disaster preparedness and planning information on the ability of responsible entities to develop response programs to be used in case of a disaster. This involves the development of emergency management programs and activities as well as staffing and equipping regional response centers. The consequences of unauthorized disclosure of most disaster preparedness and planning information would have, at most, a limited adverse effect on organizational operations, organizational assets, or individuals.
Known mitigating factors toward changing the confidentiality level
The consequences of unauthorized disclosure of some disaster preparedness and planning information may include revealing weak or sensitive critical infrastructure characteristics or inadequate security of organizational targets to criminals or other adversaries. Such information may reveal to an enemy the most effective technique(s) to use in attacking a target, and/or information regarding the capabilities, intent, and plans of our adversaries. Where unauthorized disclosure of disaster preparedness and planning information associated with critical infrastructures, large groups of people, or key organizational assets is expected to be of direct use to criminals, the confidentiality impact level is recommended to be high.
Integrity level = Low
The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of disaster preparedness and planning information depend on whether the information is time-critical.
Known mitigating factors toward changing the integrity level
Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the organization, but the damage to the mission will usually be limited. The consequences of unauthorized modification or destruction of information can be very serious or catastrophic if the data is time-critical operational information. In such cases, the impact level assigned would be moderate or high.
Availability level = Low
The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to reestablish access to disaster preparedness and planning information. Generally, missions supported by disaster preparedness and planning information are not reliably tolerant of delays.
Known mitigating factors toward changing the availability level
If emergency responders and those responsible for repair and restoration activities are unable to access preparedness and planning information in the event of an actual emergency the consequences may include confusion and delays. In such cases, the availability impact level can be moderate or high.