For each of the following assets, assign a low, moderate, or high impact level for the loss of confidentiality, availability, and integrity, respectively. Justify your answers.
a. A student maintaining a blog to post public information.
b. An examination section of a university that is managing sensitive information about exam papers.
c. An information system in a pathological laboratory maintaining the patient’s data.
d. A student information system used for maintaining student data in a university that contains both personal, academic information and routine administrative information (not privacy related). Assess the impact for the two data sets separately and the information system as a whole.
e. A University library contains a library management system which controls the distribution of books amongst the students of various departments. The library management system contains both the student data and the book data. Assess the impact for the two data sets separately and the information system as a whole.
To assign impact levels for the loss of confidentiality, availability, and integrity for each asset, we'll consider the sensitivity of the data and the criticality of the system. Here are the impact levels for each asset, along with justifications:
a.
A student maintaining a blog to post public information.
b.
An examination section of a university managing sensitive information about exam papers.
c.
An information system in a pathological laboratory maintaining patient data.
d.
A student information system used for maintaining student data in a university.
e.
A University library containing a library management system with student and book data.