Security categorization provides a structured way to determine the criticality and sensitivity of the information being processed, stored, and transmitted by an information system. This course provides learners with an understanding of how to categorize the system and the information using the NIST SP 800-37 Rev. 2 Risk Management Framework.
On successful completion of this course, learners should have the knowledge and skills required to:
- Identify all information types based on the system boundary
- Categorize information processed, stored, or transmitted by the potential adverse impact that information can be compromised as it regards to confidentiality, integrity or availability
- Ensure the security categorizations are consistent with roles, operating environment, connectivity and intended use