March 2019 Contents
Table 1: Control satisfaction
Standard | Controls Satisfied |
---|---|
TSC | CC9.1 |
Table 2: Document history
Date | Comment |
---|---|
Jun 1 2018 | Initial document |
Table 3: Description of Consequence Levels and Criteria
Consequence Level | Consequence Score | Description |
---|---|---|
Low | 0 | Loss of confidentiality, integrity, or availability will not affect the organization’s cash flow, legal, or contractual obligations, or reputation. |
Moderate | 1 | Loss of confidentiality, integrity, or availability may incur financial cost and has low or moderate impact on the organization’s legal or contractual obligations and/or reputation. |
High | 2 | Loss of confidentiality, integrity, or availability will have immediate and or/considerable impact on the organization’s cash flow, operations, legal and contractual obligations,and/ or reputation. |
Table 4: Description of Likelihood Levels and Criteria
Likelihood Level | Likelihood Score | Description |
---|---|---|
Low | 0 | Either existing security controls are strong and have so far provided an adequate level of protection, or the probability of the risk being realized is extremely low. No new incidents are expected in the future. |
Moderate | 1 | Either existing security controls have most provided an adequate level of protection or the probability of the risk being realized is moderate. Some minor incidents may have occured. New incidents are possible, but not highly likely. |
High | 2 | Either existing security controls are not in place or ineffective; there is a high probability of the risk being realized. Incidents have a high likelihood of occuring in the future. |