Determine security objectives - paramify/support GitHub Wiki

Determine the nature of your data and what level of protection it requires.

Overview

Paramify provides a simple way to determine the appropriate security objectives of your project. This guide demonstrates the process of determining security objectives within Paramify.

Set information types

Information types are the types of data that your system will handle. They are used to determine the appropriate security objectives. To set information types, navigate to the project page and under "Data: click on the "Info Types" tab. Select the appropriate information types from the list and click "Save".

Set security objectives

Next, navigate to "Security Objectives". If information types have been selected, then a default will have been chosen for you, based the highest impact level of the selected information types. If information types have not been selected, the default is low. You can change the default by choosing a different impact level, but remarks will be required to explain the deviation.

This security objective will impact the rest of the project, including control selection, required attachments, and printed deliverables.