Hochladen

Chapter 07 PPT

Hochgeladen von

Aru Reddy
00
4 Aufrufe14 Seiten
managing risk in information system

Beschreibung:

managing risk in information system

Copyright:

© All Rights Reserved
Als PPTX, PDF, TXT herunterladen oder online auf Scribd lesen
Für unangemessene Inhalte kennzeichnen
4 Aufrufe

Chapter 07 PPT

Hochgeladen von

Aru Reddy

Beschreibung:

managing risk in information system

Copyright:

© All Rights Reserved
Als PPTX, PDF, TXT herunterladen oder online auf Scribd lesen
Für unangemessene Inhalte kennzeichnen

Verwandte Titel

von 14

Managing Risk in Information Systems

Lesson 7
Identifying Assets and Activities
to be Protected

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company


www.jblearning.com
All rights reserved.
System Access and Availability
 Goal: 99.999 percent up time
 Failover cluster
 RAID

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company


Managing Risk in Information Systems www.jblearning.com Page 2
All rights reserved.
System Functions: Manual and
Automated
 Manual
• Written records
• Knowledge of process
 Automated

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company


Managing Risk in Information Systems www.jblearning.com Page 3
All rights reserved.
Hardware Assets

 Computers: Servers, desktop PCs


 Networking devices: Routers,
switches
 Network appliances: Firewalls, spam
appliances

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company


Managing Risk in Information Systems www.jblearning.com Page 4
All rights reserved.
Hardware Assets (Cont.)
 Information you need to know:
• Location
• Manufacturer
• Model number
• Hardware components, such as processor
and random access memory (RAM)
• Hardware peripherals, such as add-on
network interface cards (NICs)
• Basic Input/Output System (BIOS) version

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company


Managing Risk in Information Systems www.jblearning.com Page 5
All rights reserved.
Software Assets
 Operating system and applications
 OS specifics should include:
• Hardware system where it’s installed
• Name of the operating system
• Latest service pack installed
 Application specifics should include:
• Name of the application
• Version number
• Service pack or update information if
available
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
Managing Risk in Information Systems www.jblearning.com Page 6
All rights reserved.
Personnel Assets
 The people working for you
 When any function or process
depends on a single person, he/she
becomes a single point of failure
 Reduce risk by:
• Hiring additional personnel
• Cross-training
• Rotating jobs

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company


Managing Risk in Information Systems www.jblearning.com Page 7
All rights reserved.
Data and Information Assets
 Data protected by:
• Access controls
• Backups

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company


Managing Risk in Information Systems www.jblearning.com Page 8
All rights reserved.
Data Classifications
 Organization Freely available
Classifications Public

Private

Protected
Proprietary Internally

Government
 Top Secret
 Secret Highest Level of
 Confidential Protection

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company


Managing Risk in Information Systems www.jblearning.com Page 9
All rights reserved.
Data and Information Asset
Categories

Intellectual
Organization Customer
property

Data
Data mining
warehousing

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company


Managing Risk in Information Systems www.jblearning.com Page 10
All rights reserved.
Asset and Inventory Management Within
the Seven Domains of a Typical IT
Infrastructure

Inventory management
• Used to manage hardware inventories

Asset management
• Used to manage all types of assets; much
more detailed data than an inventory
management system

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company


Managing Risk in Information Systems www.jblearning.com Page 11
All rights reserved.
Seven Domains of a Typical IT Infrastructure

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company


Managing Risk in Information Systems www.jblearning.com Page 12
All rights reserved.
Identifying Facilities and Supplies Needed
to Maintain Business Operations

 Identifying mission-critical systems and


applications
 Business impact analysis planning
 Business continuity planning
 Disaster recovery planning
 Business liability insurance planning
 Asset replacement insurance planning

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company


Managing Risk in Information Systems www.jblearning.com Page 13
All rights reserved.
Summary
 Identification of key activities

 Identification of key assets

 Recognize value of data

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company


Managing Risk in Information Systems www.jblearning.com Page 14
All rights reserved.

Verwandte Interessen

Dokumente ähnlich wie Chapter 07 PPT

Mehr von Aru Reddy

Beliebt in Health