This resource is no longer available
The classification of information will define associated information protection requirements in terms of restricting the circulation of information based on identity, legality, and temporal components. Confidentiality, Integrity, Availability and Authenticity (CIA&A) must also be considered for information created within organisations. Thus, information must be categorized to reflect the level of business impact that would occur if any of these requirements were not correctly enforced.
Business impact is generally financial and will vary in magnitude depending on the size and economic health of the organisations. Financially healthy companies will suffer less than financially healthy companies with the same value of impact.