Building a data map is an essential aspect of defining your compliance objectives. The better users understand what types of data reside in their environment, the better they will be able to respond in the event of a breach.
Caetra.io has defined numerous general data types that can be utilized by users of the CyMetric system. Click on the Information Types link from the navigation area to display the Information Types dialog area.
To enter data types, click on the three-dot ellipsis in the top right portion of the screen to begin the data entry process. The following dialog box will appear:
Define Information Type: To use one of the default information types, click on the drop-down arrow from the Create From Template to see the list of available options. Click on the appropriate type and proceed to complete the remaining fields. To create a custom information type, simply type the information type on the Information Type Name line and proceed to complete the remaining fields.
Assign Risk Factors: Define the risk factors that apply to the data type by leveraging the FISMA security designations. The Confidentiality, Integrity and Availability fields correspond to the FIPS 199 classifications and should be applied per your company’s assessment. For more information on these definitions, please click on the Help icon in the bottom right of the screen and search for any of the terms. For additional information about this process and things to consider when classifying data types, please see Alan Winchester's article here.
Document Risk Factor Rationale: CyMetric includes a data entry field where users can document the rationale/criteria for defining the data type with the FIPS 199 designation of High, Moderate, Low or None for Confidentiality, Integrity and Availability. The text area has no length limit and no restriction on what can be included in it.
When finished, click on Add Information Type at the bottom of the screen. Repeat as required.