Define What Needs Protection


An organization's assets are those things that add value to the organization or whose loss would remove value from the organization. Information resources are those resources that either store information, transport information, create information, use information, or are information.

To evaluate risks appropriately and apply proper security measures, one must first adequately identify the organization's resources that are to be protected.

The following types of losses are commonplace:

  • Denial of service is the loss of availability and is the most visible of all losses. The loss of availability is immediately apparent to any entity that needs access and is unable to get access. Availability is often considered the most important attribute in service-oriented businesses that depend on information (e.g., airline schedules and online inventory systems).

  • Disclosure is the loss of confidentiality and indicates that the resource has the potential to release information to unauthorized entities. For some types of information, confidentiality is a very important attribute. Examples include research data, medical and insurance records, new product specifications, and corporate investment strategies. In some locations, there may be a legal obligation to protect the privacy of individuals. This is particularly true for banks and loan companies; debt collectors; businesses that extend credit to their customers or issue credit cards; hospitals, doctors' offices, and medical testing laboratories; individuals or agencies that offer services such as psychological counseling or drug treatment; and agencies that collect taxes. Information disclosure is generally the area of greatest concern to an organization.

  • Destruction or corruption is the loss of integrity and indicates that unauthorized changes have been made to information, whether by human error or intentional tampering. Integrity is particularly important for critical safety and financial data used in activities such as electronic funds transfers, air traffic control, and financial accounting. If the quality of the resource is in question, then all the decisions that utilize that resource must also be in question. Information corruption may be the most devastating type of loss to an organization.



Halting the Hacker: A Practical Guide to Computer Security (2nd Edition)
ISBN: 0130464163
EAN: 2147483647
Year: 2002
Pages: 210
