Step two: define the risk and the impact
Impact and risk levels
ISO 27000, a series of specification standards for an information
security management system, classifies data and services
as restricted, private or public. Each risk classification is
based on its potential impact. For example, one video system
can classify assets as:
• Live video is classified as public, which refers to both the
general public and the public within an organization.
If the live video is exposed to the public, the harm is limited.
• Recorded video may be classified as private, only
accessible to a specific organizational unit, because some
recorded incidents may be sensitive.
• System configurations, accounts and passwords are
classified as restricted, only accessible to selected
individuals within the organization.
Two steps in setting your policy
Axis and Genetec recommend creating security policies
associated with every network technology deployed within
an enterprise. Each policy should define which data in your network
is sensitive so that it can be properly protected when in transit.