
Managing Risk in Information Systems

Lesson 7
Identifying Assets and Activities to be Protected

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company


www.jblearning.com
All rights reserved.

System Access and Availability
▪ Goal: 99.999 percent uptime
▪ Failover cluster
▪ RAID

System Functions: Manual and Automated
▪ Manual
  • Written records
  • Knowledge of process
▪ Automated

Hardware Assets
▪ Computers: Servers, desktop PCs
▪ Networking devices: Routers, switches
▪ Network appliances: Firewalls, spam appliances

Hardware Assets (Cont.)
▪ Information you need to know:
  • Location
  • Manufacturer
  • Model number
  • Hardware components, such as processor and random access memory (RAM)
  • Hardware peripherals, such as add-on network interface cards (NICs)
  • Basic Input/Output System (BIOS) version

Software Assets
▪ Operating system and applications
▪ OS specifics should include:
  • Hardware system where it’s installed
  • Name of the operating system
  • Latest service pack installed
▪ Application specifics should include:
  • Name of the application
  • Version number
  • Service pack or update information if available

Personnel Assets
▪ The people working for you
▪ When any function or process depends on a single person, he/she becomes a single point of failure
▪ Reduce risk by:
  • Hiring additional personnel
  • Cross-training
  • Rotating jobs

Data and Information Assets
▪ Data protected by:
  • Access controls
  • Backups

Data Classifications
▪ Organization classifications
  • Public: Freely available
  • Private: Protected internally
  • Proprietary: Highest level of protection
▪ Government
  • Top Secret
  • Secret
  • Confidential

Data and Information Asset Categories
▪ Organization
▪ Customer
▪ Intellectual property
▪ Data warehousing
▪ Data mining

Asset and Inventory Management Within the Seven Domains of a Typical IT Infrastructure

Inventory management
• Used to manage hardware inventories

Asset management
• Used to manage all types of assets; much more detailed data than an inventory management system

Seven Domains of a Typical IT Infrastructure

Identifying Facilities and Supplies Needed to Maintain Business Operations
▪ Identifying mission-critical systems and applications
▪ Business impact analysis planning
▪ Business continuity planning
▪ Disaster recovery planning
▪ Business liability insurance planning
▪ Asset replacement insurance planning

Summary
▪ Identification of key activities
▪ Identification of key assets
▪ Recognize value of data
