Determining Security Objectives
Determine the nature of your data and what level of protection it requires.
Overview
Paramify provides a simple way to determine the appropriate security objectives of your project. This guide demonstrates the process of determining security objectives within Paramify.
Set information types
Information types are the types of data that your system will handle. They are used to determine the appropriate security objectives.
To set information types:
- Navigate to the project page.
- Under the Data menu, click on "Info Types".
- Select the appropriate information types from the list.
- Click "Save".
Setting information types is demonstrated and further explained in the following video:
Set security objectives
Next, navigate to "Security Objectives". If information types have been selected, then a default will have been chosen for you, based the highest impact level of the selected information types. If information types have not been selected, the default is low. You can change the default by choosing a different impact level, but remarks will be required to explain the deviation.
This security objective will impact the rest of the project, including control selection, required attachments, and printed deliverables as stated in the following video: