Establish, implement, and maintain an identification and classification of information assets metrics program.
CONTROL ID 02052
CONTROL TYPE Business Processes
CLASSIFICATION Preventive
SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
Establish, implement, and maintain a metrics policy., CC ID: 01654
This Control has the following implementation support Control(s):
Report on the percentage of information assets that have been reviewed and classified., CC ID: 02053
Report on the percentage of information assets with defined user privileges that have been assigned based on role and according to policy., CC ID: 02054
Report on the percentage of scheduled Information Technology inventory processes that occurred on time., CC ID: 02055
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
The organization must measure and report on the not all information assets can be protected at the highest level. Protection priorities, decisions, and corresponding investments should be based on an assessment of risk to the asset, the asset's value, the impact if the asset is compromised (lost, da… (ISPE12, CISWG Information Security Program Elements, 10-Jan-05)