Risk Assessment Plan (Data Security)

I have read an interesting article about creating a risk assessment plan in relation to data security. It covers a 5-step plan for developing a solid foundation for a security strategy. It requires a team to be assembled to get started with the process.

  1. Identify information assets
    Consider important information and create a priority list of what needs to be protected.
    Examples: social security numbers, designs, human resources data etc.

  2. Locate information assets
    Identify and list where each item on the information asset list resides within the organization.
    Examples: file servers, workstations, phones, databases etc.

  3. Classify information assets
    Assign a rating to each item on the information asset list; consider using a 1 to 5 scale with the following categories:
    Public information, internal information, sensitive internal information, compartmentalized internal information, regulated information

    NB: Read more about the examples within each classification scheme in the article.

  4. Conduct a threat-modeling exercise
    Rate the threats facing the top-rated information assets. One option is Microsoft's STRIDE method:
    (Spoofing of Identity, Tampering with Data, Repudiation of Transactions, Information Disclosure, Denial of Service, Elevation of Privilege)

  5. Finalize data and start planning
    Multiply all the cells in each worksheet by the classification rating assigned to the asset in step 3. This relates to the worksheet that needs to be created.
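
The arithmetic in steps 3 to 5, as an added example that is not from this post or the linked article: each STRIDE threat rating for a top-rated asset is multiplied by that asset's classification rating, and the resulting cells are ranked. The 1 to 10 threat scale, the mapping of the five categories to 1 to 5 in the order listed, the function names and all sample data are assumptions.

```python
# Added example: worksheet math for steps 3-5. Asset names and ratings are
# constructed sample data; the 1-10 threat scale is an assumption.
STRIDE = ("Spoofing", "Tampering", "Repudiation",
          "Information Disclosure", "Denial of Service", "Elevation of Privilege")
# Step 3 categories, assumed to map to 1..5 in the order the post lists them.
CLASSES = {1: "public", 2: "internal", 3: "sensitive internal",
           4: "compartmentalized internal", 5: "regulated"}


def weighted_worksheet(assets, threats, top_n=2):
    """assets: {name: classification 1-5}; threats: {name: {category: 1-10}}.
    Returns {asset: {category: threat rating * classification}} for the top_n
    highest-classified assets (step 4 only models the top-rated ones)."""
    for name, cls in assets.items():
        if cls not in CLASSES:
            raise ValueError(f"{name}: classification must be 1-5, got {cls!r}")
    top = sorted(assets, key=lambda a: (-assets[a], a))[:top_n]
    sheet = {}
    for name in top:
        row = threats.get(name, {})
        missing = [c for c in STRIDE if c not in row]
        if missing:
            raise ValueError(f"{name}: no threat rating for {missing}")
        if any(not 1 <= row[c] <= 10 for c in STRIDE):
            raise ValueError(f"{name}: threat ratings must be 1-10")
        sheet[name] = {c: row[c] * assets[name] for c in STRIDE}
    return sheet


def priorities(sheet):
    """Flatten the worksheet into (score, asset, category), highest first."""
    cells = [(score, asset, cat) for asset, row in sheet.items()
             for cat, score in row.items()]
    return sorted(cells, key=lambda c: (-c[0], c[1], c[2]))


SAMPLE_ASSETS = {"customer SSNs": 5, "product designs": 4, "press releases": 1}
SAMPLE_THREATS = {
    "customer SSNs": dict(zip(STRIDE, (4, 3, 2, 9, 2, 6))),
    "product designs": dict(zip(STRIDE, (3, 7, 2, 8, 4, 5))),
}

if __name__ == "__main__":
    ranked = priorities(weighted_worksheet(SAMPLE_ASSETS, SAMPLE_THREATS))
    for score, asset, cat in ranked[:5]:
        print(f"{score:>3}  {asset:<16} {cat}")
```

The highest weighted cells are where planning starts; a low-classified asset such as the sample press releases never reaches the worksheet.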

Read the article in order to understand the aspects of this approach. It also includes a STRIDE method chart.

This approach is considerable and useful when considering data security, and it would definitely be something I would experiment with and use in greater advance.

The article is available at the following link, LOOK INTO IT!
http://www.smallbusinesscomputing.com/news/article.php/3896756/Data-Security-A-5-Step-Risk-Assessment-Plan.htm

This entry was posted in IT Security, Week 36.