Protection-Needs Assessment & Inheritance

Purpose

The protection-needs assessment determines the protection needs of processes and assets based on the protection goals confidentiality, integrity, and availability (CIA).
After approval, the protection needs can be inherited along the modelled dependencies.

Usage

1. Click + to create a new protection-needs assessment form for processes, hardware, software, or infrastructure of the selected scope.
2. Select or create an assessment period (e.g. year).
3. Assess each object for:
4. Confidentiality, Availability, Integrity via a rating dropdown (e.g. low / normal / high / very high)
5. document the rationale for the classification.
6. Submit the form for approval. The approver can:
7. reject (for rework), or
8. approve (including notification).
9. After approval, a protection-needs overview is available.
   Start "Calculate inheritance" to update the overall protection needs along the dependencies.

This produces a consistent protection-needs overview that is subsequently used in risk management.