|
|
Guidance for the evaluation of assets is provided in Appendix No. to this decree. A distinction is made between primary and supporting assets, which are further classified according to confidentiality, integrity and availability.All these criteria have four levels low, medium, high and critical. Let's briefly imagine them. On the confidentiality scale, at the lowest level, the asset is publicly available or intended for publication. No protection is required for him.
The middle category includes assets that are not publicly accessible and Chinese American Phone Number Listmake up the company's know-how. Although the protection of this information is not given by any legal regulation or contract, it would still be unpleasant to say the least. Access control tools must then be used to protect confidentiality. And in the top two categories are non-publicly accessible assets for which regulations or contracts require protection, or even an above-standard level of protection
as in the case of a special category of personal data or strategic trade secrets. There, it is already necessary to manage, but also to record access and transmissions must be protected by cryptographic means.In the lowest rung of the integrity ladder, there will be assets where integrity protection is not required. At a medium level, when a possible violation of integrity will manifest itself in less serious impacts on primary assets, standard tools (which the decree does not specify in any way) will suffice.
|
|
發表於 2024-3-7 14:49:55