Determine the Information Asset Value
This follows on from the
VPDSF Setup guide, however this step may be revisited multiple times.
The value of an Information Asset is derived from the potential consequences to the organisation that may result from a compromise of that information.
In OVIC, this is referred to as the
Business Impact Level, or
BIL.
Consequences are typically defined as part of your Risk Framework, where the increasing level of consequences are defined across multiple categories.
Individual Victorian Public Sector (VPS) agencies may have their own Risk Framework that defines consequence levels that do not align 1:1 with the Business Impact Levels.
For example, the most critical consequence for a local Victorian council is unlikely to "cause exceptionally grave damage to the national interest", which is the most critical Business Impact Level.
Where these are not aligned 1:1, we need to map the VPS consequences to the OVIC Business Impact Levels.
Steps
There are 2 steps required to determine the Information Asset value:
- Step 2.1: Define Consequences
- Step 2.2: Define Information Asset Compromise Consequences
Related Articles
Define Information Assets
This follows on from the VPDSF Setup guide, however this step may be revisited multiple times. Step 1.5 Define Information Assets An Information Asset refers to any piece of information or data within an organisation, regardless of its value. This ...
Using Custom Attributes on Information Assets
Overview Custom Attributes let you store additional structured metadata on each Information Asset using the Custom Attributes section in the Information Asset dialog. Use this when the standard fields (for example Name or Summary) are not enough, and ...
Define Platform Teams: Option 1: Asset Hierarchy Holistic Entry - Assistant Recommended Asset Hierarchy
This is one of the primary approaches to for utilising the Asset Hierarchy Holistic Entry. Asset Hierarchy Holistic Entry Assistant Recommended Asset Hierarchy The asset hierarchy panel has a sub-menu accessible via the triangle to on the right of ...
Define Platform Teams: Option 1: Asset Hierarchy Holistic Entry
This is one of the options available for Defining the Platform Teams. Option 1: Asset Hierarchy Holistic Entry Rather than considering the Platform Teams in isolation, the Asset Hierarchy view allows their context to be seen while they are being ...
Define Information Assets: Option 2: Cybersecurity Office Excel
This is a one of the options for Defining the Consequences. Cybersecurity Office Excel The Risk & Information Asset Classification Framework can currently only be customised via Excel. If the Options section is not open, click on it to expand the ...