EURIM
Value of Information Subgroup
Valuation of information assets
Carnegie Mellon University (sponsored by the US Department of Defense),
Information Asset Profiling, June 2005
http://www.cert.org/archive/pdf/05tn021.pdf
The report recommends an information asset-centric approach, as opposed to a
vulnerability-centric approach, as the most effective way of achieving
information security risk management. It outlines a six-stage Information Asset
Profiling (IAP) process (e.g. identifying information owners, where the asset is
stored and processed, etc.), including how to 'determine the information asset
value'. The latter requires identifying the asset's contribution to the
organisation's goals (or its potential to impede goal achievement), the value
derived from its use, and the impact of its loss or unavailability.
It references US Federal Government guidance on how to determine value [FIPS
Publication – NIST 04a, NIST Special Publication – NIST 04b] and gives the
example of a patient medical record (e.g. its unavailability or loss could cause
fines, legal suits, lower staff effectiveness, poor quality of care and even
death, though no dollar figures are given).