Design information systems adequate to the risk they carry

Depending on the data they store and the processes they support, information systems incur different levels of risk. Credit Suisse categorizes its information systems in a finite number of levels along the three dimensions of availability/maximum data loss, confidentiality and integrity. Each level comes with clear guidelines regarding design, development and testing of the corresponding system. We will show the framework, explain some of the concepts in more detail and analyze how development and operating cost of a system changes when it has to fulfill different standards.