UCF ID: 02065 |
Control Type: Actionable Reports or measurements |
Status: Live |
Metric guidance
Calculation: The calculation for this metric is # of critical organizational information assets and functions exposed to physical risks for which risk mitigation actions have been implemented / # of critical information assets and functions.
Calculation source: No authority document source of information exists. The following formula was used: the number of assets and functions which are subject to physical risks and have had some form of control implemented to reduce the risk divided by the number of critical assets and functions listed in the CMDB for each business unit (or the organization as a whole) .
The Common Control IDs associated with this metric are as follows:
- • Prioritize and select safeguards based on the risk assessment findings. [UCF Control ID 00707]
Supporting and supported controls
This control directly supports:
- • Establish and maintain a physical environment metrics program. [UCF Control ID 02063]
There are no supporting controls.
Authority documents complied with:
CISWG Information Security Program Elements, January 10,2005, ISPE15.2; IIA Global Technology Audit Guide (GTAG): Information Technology Controls, § 18.2
US Federal Security Guidance
The organization must measure and report on the percentage of critical organizational information assets and functions exposed to physical risks for which risk mitigation actions have been implemented. [ISPE15.2, CISWG Information Security Program Elements, January 10,2005]
General Guidance
The purpose of this measurement is to measure the percentage of critical organizational information assets and functions exposed to physical risks for which risk mitigation actions have been implemented. [§ 18.2, IIA Global Technology Audit Guide (GTAG): Information Technology Controls]
Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.