Back

Establish, implement, and maintain an identification and classification of information assets metrics program.


CONTROL ID
02052
CONTROL TYPE
Business Processes
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a metrics policy., CC ID: 01654

This Control has the following implementation support Control(s):
  • Report on the percentage of information assets that have been reviewed and classified., CC ID: 02053
  • Report on the percentage of information assets with defined user privileges that have been assigned based on role and according to policy., CC ID: 02054
  • Report on the percentage of scheduled Information Technology inventory processes that occurred on time., CC ID: 02055


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • The organization must measure and report on the not all information assets can be protected at the highest level. Protection priorities, decisions, and corresponding investments should be based on an assessment of risk to the asset, the asset's value, the impact if the asset is compromised (lost, da… (ISPE12, CISWG Information Security Program Elements, 10-Jan-05)