1. IS Resource/Impact Identification. Identify the company’s IS resources (people, data, processes, information technology components, and facilities). Note: You must identify specific IS resources. List each IS resource on a separate line; do NOT list/lump distinct resources together on the same line as this may result in classification issues.
For each IS resource identified, define the following (see footnotes for clarification): (a) resource, (b) criticality, (c) sensitivity (data resources only), (d) principal impact concerns, and (e) potential threat sources.