Security Categorization Tool (draft)

Current Location

Loss of Confidentiality

To ensure the confidentiality of business activites and IT assets against a specified set of theats in order to prevent injury to national interests or non-national interests.

Failure Scenario (in context) (required)

What is the type of injury that is most likely to result from a loss of confidentiality? (required)

How significant is the expected injury? (required)

Example of such injury e.g., Riot

Analysis (required)

Loss of Integrity

To ensure the integrity of a business activity or IT asset against a specified set of threats in order to prevent injury to national interests or non-national interests.

Failure Scenario (in context) (required)

What is the type of injury that is most likely to result from a loss of integrity? (required)

How significant is the expected injury? (required)

Example of such injury e.g., Distress, psychological trauma

Analysis (required)

Loss of Availability

To ensure the availability of a business activity or IT asset against a specified set of threats in order to prevent injury to national interests or non-national interests.

Failure Scenario (in context) (required)

What is the type of injury that is most likely to result from a loss of availability? (required)

How significant is the expected injury? (required)

Example of such injury e.g., Affecting program performance

Analysis (required)

Results

Summary Report

The summary report expresses the highest level of expected injuries from threat compromise with respect to the security objectives of confidentiality, integrity, and availability.

Breakdown by Business Activities
Business Domain	Business Activity	Security Category
Business Domain	Business Activity	Confidentiality	Integrity	Availability

Breakdown by Component
Business Domain	Business Activity	Component	Type	Security Category
Business Domain	Business Activity	Component	Type	Confidentiality	Integrity	Availability

Detailed Report

Security Categorization is the process of identifying the potential injuries that could result from compromises of business processes and related information.

The following report provides the detailed injury assessment performed for each process or information component with respect to confidentiality, integrity and availability.

Business Domain	Business Activity	Business Component				Loss of Confidentiality				Loss of Integrity				Loss of Availability
Business Domain	Business Activity	Business Activity Component	Component Description	Type	Authoritative Source	Failure Scenario (in context)	Type of injury	Significance of injury	Analysis	Failure Scenario (in context)	Type of injury	Significance of injury	Analysis	Failure Scenario (in context)	Type of injury	Significance of injury	Analysis

Search and menus

Search

Current Location

Welcome to the Security Categorization Tool

What Would You Like to Do?

Business Domain

Business Activity

Business Component

Loss of Confidentiality

Note

Loss of Integrity

Loss of Availability

Results