According to the CRISC Review Manual (Digital Version), the business significance of the information is the most important criterion when developing a response to an attack that would compromise data, as it determines the impact and severity of the attack on the organization’s objectives and performance. The business significance of the information helps to:
Assess the value and sensitivity of the data that is compromised or at risk of compromise
Evaluate the potential losses or damages that the organization may incur due to the data compromise
Prioritize the data recovery and restoration activities based on the criticality and urgency of the data
Communicate and coordinate the data breach response and notification with the relevant stakeholders, such as the data owners, the customers, the regulators, and the media
Enhance the data protection and security measures to prevent or mitigate future data compromise incidents
References = CRISC Review Manual (Digital Version), Chapter 3: IT Risk Response, Section 3.3: Risk Response Options, pp. 174-1751
Submit