- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
7 hours ago
Hello -
In a situation where we have CMDB implementation partially compleed and at maturity level 2 and IRM solutions started with analysis phase- I would like to know- what is the strategy to maintain CIA attributes?
I understand they are available at BP level but sure why? Why not at application or Infra level.
Thanks.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
4 hours ago
Hi @ppendyala - Yes, CIA (Confidentiality, Integrity, and Availability) attribute values are maintained at BP level- more often custom fields created at other CI classes (Unfortunate & Its a strict NO in my opinion) to maintain them.
Why not at application level? - A BA may support diff. BPs of varying criticalities. Hence, placing attributes at the BP level prevents "over-classifying" an application based on its most sensitive use case.
Trust that also explains why not at underlying Infra level.
Additionally- The rationale for maintaining CIA (Confidentiality, Integrity, and Availability) attributes at the BP level originates from the fact that risk is fundamentally a business outcome, not a technical one.
"Hope that helps, if so, please mark it as Helpful"
BR, UD
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
5 hours ago
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
4 hours ago
Hi @ppendyala - Yes, CIA (Confidentiality, Integrity, and Availability) attribute values are maintained at BP level- more often custom fields created at other CI classes (Unfortunate & Its a strict NO in my opinion) to maintain them.
Why not at application level? - A BA may support diff. BPs of varying criticalities. Hence, placing attributes at the BP level prevents "over-classifying" an application based on its most sensitive use case.
Trust that also explains why not at underlying Infra level.
Additionally- The rationale for maintaining CIA (Confidentiality, Integrity, and Availability) attributes at the BP level originates from the fact that risk is fundamentally a business outcome, not a technical one.
"Hope that helps, if so, please mark it as Helpful"
BR, UD
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2 hours ago
Thank you @Uday Damaraju. That brings to the question, why its designed like that?
what If an organization maintains CIA values at business app level on a homegrown app or an excel, because in current scenario they do not have concept of BPs and want to migrate them to SN?
