Hi Ronish,

Consider the following for building an information asset register for Risk
assessment
1. Identify the different process / functions and then list assets under
each process / function
2. Information assets are of different types (Physical, Software, paper,
people, services, information)
3. Add Owner, Custodian and User tag to each asset
4. Add confidentiality, Integrity and Availability (CIA) to each asset

This should be enough to initiate Risk Assessment, which will cover how well
the sensitive data is protected.

Hope this helps,

Best regards,
Santosh

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
Behalf Of F¨¢bio Soto
Sent: Friday, January 06, 2012 10:44 PM
To: 'Parker Zhao'; sfmailsbm (at) gmail (dot) com [email concealed]; security-basics (at) securityfocus (dot) com [email concealed]
Subject: RES: Building an Information Asset database

Parker,

Great document, thank you !

To increase the quality of the document, I would use Availability, Integrity
and Confidentiality to calculate the asset's business impact.

Regards,

F¨¢bio

-----Mensagem original-----
De: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] Em
nome de Parker Zhao Enviada em: quinta-feira, 5 de janeiro de 2012 03:56
Para: sfmailsbm (at) gmail (dot) com [email concealed]; security-basics (at) securityfocus (dot) com [email concealed]
Assunto: RE: Building an Information Asset database

Hi,

Have you been see this ? I thought it is really a good guideline and I get
much from it,

Queensland Government Enterprise Architecture Guideline for Information
Assets Register

http://www.qgcio.qld.gov.au/SiteCollectionDocuments/Architecture%20and%2
0Sta
ndards/Information%20Standards/Toolbox/Information%20Asset%20Custodiansh
ip/Q
GEA%20guideline%20-%20Information%20asset%20register.doc

FYR

Parker

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
Behalf Of sfmailsbm (at) gmail (dot) com [email concealed]
Sent: 2012Äê1ÔÂ4ÈÕ 13:34
To: security-basics (at) securityfocus (dot) com [email concealed]
Subject: Building an Information Asset database

Hi list,

happy New Year to all of you

Looking for some best practices, reallife recommendations on how to go about
to build up an Information Asset register, which will basically contain a
list of information being used within the organisation, where and how it is
stored, and where it is distributed, e.g. Card Information being stored on
local hard disk without any encryption

This will be the basis to perform information risk assessments to mitigate
potential risk issues

Any help on how to proceed, methodology and tools to manage all of this will
be greatly appreciated

Thanks & regards,
Ronish

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate In this guide we
examine the importance of Apache-SSL and who needs an SSL certificate. We
look at how SSL works, how it benefits your company and how your customers
can tell if a site is secure. You will find out how to test, purchase,
install and use a thawte Digital Certificate on your Apache web server.
Throughout, best practices for set-up are highlighted to help you ensure
efficient ongoing management of your encryption keys and digital
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727
d1
------------------------------------------------------------------------

Privileged/Confidential Information may be contained in this message. If you
are not the addressee indicated in this message (or responsible for delivery
of the message to such person), you may not copy or deliver this message to
anyone. In such case, you should destroy this message and kindly notify the
sender by reply email. Please advise immediately if you or your employer
does not consent to email for messages of this kind. Opinions, conclusions
and other information in this message that do not relate to the official
business of the GroupM companies shall be understood as neither given nor
endorsed by it. GroupM companies are a member of WPP plc. For more
information on our business ethical standards and Corporate Responsibility
policies please refer to our website at http://www.wpp.com/WPP/About/

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate In this guide we
examine the importance of Apache-SSL and who needs an SSL certificate. We
look at how SSL works, how it benefits your company and how your customers
can tell if a site is secure. You will find out how to test, purchase,
install and use a thawte Digital Certificate on your Apache web server.
Throughout, best practices for set-up are highlighted to help you ensure
efficient ongoing management of your encryption keys and digital
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727
d1
------------------------------------------------------------------------

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]