Phoenix Data CS Risk Framework

This post outlines the Phoenix Data CS Risk Framework (current version Beta 1.2). It addresses data assessment, data classification, and data scoring against the CIA Triad to determine data risk. The aim of the project is to provide a streamlined framework for determining data risk in an organization, so that organizations can better protect their data from cyber and even physical threats. This project is in its infancy, and we highly appreciate input and professional advice. With that, let's dive in!

What is the Phoenix Data CS Risk Framework?

The Phoenix Data CS Risk Framework (PX-DCSRF) is a process and set of guidelines that aims to help organizations better understand data risk: specifically, which of the data they hold is at risk and, more generally, where they stand as an organization in relation to data risk.

The 3 Sections of the PX-DCSRF

The Phoenix Data CS Risk Framework comprises 3 steps for determining an organization’s data risk: Data Assessment, Data Classification, and Data Scoring. During the Data Assessment phase, an organization examines and takes inventory of all the data it holds. After the Data Assessment phase, organizations classify the data they hold: they define types of data and sort the data by type. Types of data may include PII, Employee Information, Critical Business Information, Tax Info, Archived Business Info, etc. In the Data Scoring phase, organizations score the data against a defined set of metrics (the PX-DCSRF defaults to the CIA Triad) on a 10, 20, or 100 point scoring system, depending on the level of granularity an organization desires. A 4th step of the PX-DCSRF is determining the most effective and efficient means of securing different data types, based on how the data scored against the metrics used in the Data Scoring phase. This step is not officially included yet, as it is in the pre-implementation phase.

Data Assessment

Data Assessment involves collecting and determining the data an organization holds. This involves taking a complete inventory of an organization’s systems, digital storage, and cloud storage, and may even include taking inventory of physical file cabinets. Although there is some data classification done during the Data Assessment phase, such as determining what data an organization has, it is distinct from the Data Classification phase.

Data Classification

During the Data Classification phase, organizations sort the data they hold into logical categories. Data in each category should roughly share the same purpose and should rate similarly against the metrics to be scored against in the Data Scoring phase. It is important that different types of data are correctly differentiated during this phase, as improperly categorized data can result in improper data storage and handling in the future, leaving an organization at risk.

Data Scoring

This is the last phase of the Phoenix Data CS Risk Framework. During this phase, data types are scored against organization-determined metrics. These should at least include the CIA Triad (Confidentiality, Integrity, and Availability). Depending on how the data types score against the various measures, organizations can implement varying operational measures to improve their data security posture.
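
The sketch below is an added example, not part of the PX-DCSRF itself. It scores a constructed inventory on the 20-point scale and flags data types whose members do not "rate similarly", the condition the Data Classification section asks for. The 0..scale range, the `max_spread` threshold, taking the highest metric as the overall value, and all names are assumptions made for illustration.

```python
from dataclasses import dataclass

SCALES = (10, 20, 100)  # point scales named by the framework
METRICS = ("confidentiality", "integrity", "availability")  # CIA Triad default

@dataclass
class Asset:
    name: str       # inventory entry from Data Assessment
    data_type: str  # category assigned in Data Classification
    scores: dict    # metric -> points on the chosen scale

def validate(asset, scale):
    """Reject scores that do not fit the chosen scale (0..scale is an assumption)."""
    if scale not in SCALES:
        raise ValueError(f"unsupported scale: {scale}")
    for metric in METRICS:
        value = asset.scores.get(metric)
        if not isinstance(value, int) or not 0 <= value <= scale:
            raise ValueError(f"{asset.name}: {metric} must be 0..{scale}, got {value!r}")

def score_types(assets, scale, max_spread=0.3):
    """Per data type: mean score per metric (normalised to 0..1), an overall
    value (highest metric, an assumption), and the metrics whose spread inside
    the type exceeds max_spread, which suggests the type should be split."""
    by_type = {}
    for asset in assets:
        validate(asset, scale)
        by_type.setdefault(asset.data_type, []).append(asset)
    report = {}
    for data_type, members in by_type.items():
        scores, review = {}, []
        for metric in METRICS:
            points = [a.scores[metric] for a in members]
            scores[metric] = sum(points) / len(points) / scale
            if (max(points) - min(points)) / scale > max_spread:
                review.append(metric)
        report[data_type] = {"scores": scores, "overall": max(scores.values()), "review": review}
    return report

def rank(report):
    """Data types ordered from highest to lowest overall score."""
    return sorted(report, key=lambda t: report[t]["overall"], reverse=True)

# Constructed sample inventory, scored on the 20-point scale.
INVENTORY = [
    Asset("crm_customers", "PII", {"confidentiality": 18, "integrity": 14, "availability": 10}),
    Asset("newsletter_list", "PII", {"confidentiality": 8, "integrity": 6, "availability": 6}),
    Asset("payroll_2023", "Employee Information", {"confidentiality": 19, "integrity": 17, "availability": 9}),
    Asset("hr_records", "Employee Information", {"confidentiality": 17, "integrity": 15, "availability": 7}),
]
REPORT = score_types(INVENTORY, scale=20)
```

In this sample the "PII" type is flagged for review on confidentiality and integrity because a customer database and a newsletter list score far apart, which is the kind of improper categorization the Data Classification section warns about.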

Walter Miely is a tech entrepreneur and CEO of Phoenix Ignited Tech. You can find him on LinkedIn. This material is licensed under the CC BY 4.0 License. LEGAL DISCLAIMER: The content provided here is provided AS IS, and part of, or the entirety of, this content may be incorrect. Please read the entire Legal Disclaimer here.