Back

Report on the percentage of information assets that have been reviewed and classified.


CONTROL ID
02053
CONTROL TYPE
Actionable Reports or Measurements
CLASSIFICATION
Detective

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an identification and classification of information assets metrics program., CC ID: 02052

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • The purpose of this measurement is to measure the percentage of information assets that have been reviewed and classified by the designated owner in accordance with the classification scheme established by policy. (§ 18.2, IIA Global Technology Audit Guide (GTAG) 1: Information Technology Controls)
  • The organization must measure and report on the percentage of information assets that have been reviewed and classified by the designated owner in accordance with the classification scheme established by policy. (ISPE12.1, CISWG Information Security Program Elements, 10-Jan-05)
  • the confidentiality of Nonpublic Information and the integrity and security of the Covered Entity's Information Systems; (§ 500.04 Chief Information Security Officer (b)(1), New York Codes, Rules and Regulations, Title 23, Chapter 1, Part 500 Cybersecurity Requirements for Financial Services Companies)
  • the confidentiality of nonpublic information and the integrity and security of the covered entity's information systems; (§ 500.4 Cybersecurity Governance (b)(1), New York Codes, Rules and Regulations, Title 23, Chapter 1, Part 500 Cybersecurity Requirements for Financial Services Companies, Second Amendment)