Okay, So the first thing that we have to do when we're talking about the security mechanisms we put in place, we need to figure out the value of the data. And in many instances, we think about that value coming in relation to the confidentiality needs,
sensitivity of the data so we can ask ourselves six key questions, and this will help us determine sensitivity off the data. And we look at these in terms of impact. So what would be the impact if information was widely distributed?
Credit card number, Social Security numbers? Well, obviously, that would have very big ramifications. Um,
demographic information. You know, there are other types of information that maybe we wanna protect but would not have as high an impact their different levels. You know, data doesn't have to be top secret and sensitively to still have value that needs to be protected. All right, so we figure out what's the damage of? It's widely distributed.
All right, what's the damage? If an employee of the cloud provider accessed the application or the information because we know that insider threat Israel and its insiders within our organization, but it can also be insiders within the cloud security.
What would the impact be if the process was manipulated if modification was allowed?
What happened? What would happen if the process failed to provide the expected result? What if somehow there was a kn imbalance and internal and external consistency of the database, for instance?
Ah, what if the information was unexpectedly changed or modified? You know what sort of financial implications might be a good question to ask, and then what would happen in relation to availability? What happens? What is the impact if the application is unavailable for a period of time?
Well, if we sell products and we're, um,
customers can't purchase things for us, that could have a very, very large impact. So we look at these these issues, and we're looking to kind of categorize our data based on sensitivity, because the sensitivity is tied into the value of the data and the data.
His value essentially drives the controls re put in place