Thanks for Info.
I am a beginner and will appreciate all the inputs you can give.
Bharat
On Mon, 30 Jan 2012 23:34:12 -0200
Fábio Soto <fabio (at) andradesoto.com (dot) br [email concealed]> wrote:
> Bharat,
>
> That's the Microsoft Risk Assessment/Analysis methodology, and it is
>a good way to go.
>
> One thing I've changed about it is the risk calculation. We need to
>establish the risk criteria for impact and likelihood (financial
>impact, availability impact, confidentiality impact, integrity
>impact).
>
> After we calculate the impact with all that variables, and the
>likelihood (I use 2 likelihood variables), we can use the well known
>"Risk = Impact * Likelihood".
>
> Then we need to define the controls and the residual risks after
>implementing that controls.
>
> Regards,
>
>Fábio Soto
>
> -----Mensagem original-----
> De: Bharat Gosalia [mailto:bharat_gosalia (at) mafatlalcipherspace (dot) in [email concealed]]
> Enviada em: sexta-feira, 27 de janeiro de 2012 21:02
> Para: Santosh Kaimal; 'Fábio Soto'; 'Parker Zhao';
>sfmailsbm (at) gmail (dot) com [email concealed]; security-basics (at) securityfocus (dot) com [email concealed]
> Assunto: Re: Building an Information Asset database
>
> On Fri, 27 Jan 2012 22:59:34 +0000
> "Bharat Gosalia" <bharat_gosalia (at) mafatlalcipherspace (dot) in [email concealed]> wrote:
>> I FOUND chapter 4 somewhat relevent.
>> Naturally it is a copy from somewhere.
>>
>>
>> On Sat, 21 Jan 2012 11:05:19 +0530
>> "Santosh Kaimal" <santoshkaimal (at) billdesk (dot) com [email concealed]> wrote:
>>> Hi Ronish,
>>>
>>> Consider the following for building an information asset register
>>>for
>>>Risk assessment 1. Identify the different process / functions and
>>>then list assets under each process / function 2. Information
>>>assets
>>>are of different types (Physical, Software, paper, people, services,
>>>information) 3. Add Owner, Custodian and User tag to each asset 4.
>>>Add confidentiality, Integrity and Availability (CIA) to each asset
>>>
>>> This should be enough to initiate Risk Assessment, which will cover
>>>how well the sensitive data is protected.
>>>
>>> Hope this helps,
>>>
>>> Best regards,
>>> Santosh
>>>
>>>
>>>
>>> -----Original Message-----
>>>From: listbounce (at) securityfocus (dot) com [email concealed]
>>>[mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Fábio Soto
>>> Sent: Friday, January 06, 2012 10:44 PM
>>> To: 'Parker Zhao'; sfmailsbm (at) gmail (dot) com [email concealed];
>>>security-basics (at) securityfocus (dot) com [email concealed]
>>> Subject: RES: Building an Information Asset database
>>>
>>> Parker,
>>>
>>> Great document, thank you !
>>>
>>> To increase the quality of the document, I would use Availability,
>>>Integrity and Confidentiality to calculate the asset's business
>>>impact.
>>>
>>> Regards,
>>>
>>>Fábio
>>>
>>> -----Mensagem original-----
>>> De: listbounce (at) securityfocus (dot) com [email concealed]
>>>[mailto:listbounce (at) securityfocus (dot) com [email concealed]] Em nome de Parker Zhao Enviada
>>>em: quinta-feira, 5 de janeiro de 2012
>>>03:56
>>> Para: sfmailsbm (at) gmail (dot) com [email concealed]; security-basics (at) securityfocus (dot) com [email concealed]
>>> Assunto: RE: Building an Information Asset database
>>>
>>> Hi,
>>>
>>> Have you been see this ? I thought it is really a good guideline and
>>>I get much from it,
>>>
>>> Queensland Government Enterprise Architecture Guideline for
>>>Information Assets Register
>>>
>>> http://www.qgcio.qld.gov.au/SiteCollectionDocuments/Architecture%20an
>>> d%20Sta
>>> ndards/Information%20Standards/Toolbox/Information%20Asset%20Custodia
>>> nship/Q GEA%20guideline%20-%20Information%20asset%20register.doc
>>>
>>>FYR
>>>
>>> Parker
>>>
>>> -----Original Message-----
>>>From: listbounce (at) securityfocus (dot) com [email concealed]
>>>[mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of
>>>sfmailsbm (at) gmail (dot) com [email concealed]
>>> Sent: 2012å¹´1æ??4æ?¥ 13:34
>>> To: security-basics (at) securityfocus (dot) com [email concealed]
>>> Subject: Building an Information Asset database
>>>
>>> Hi list,
>>>
>>> happy New Year to all of you
>>>
>>> Looking for some best practices, reallife recommendations on how to
>>>go about to build up an Information Asset register, which will
>>>basically contain a list of information being used within the
>>>organisation, where and how it is stored, and where it is
>>>distributed, e.g. Card Information being stored on local hard disk
>>>without any encryption
>>>
>>> This will be the basis to perform information risk assessments to
>>>mitigate potential risk issues
>>>
>>> Any help on how to proceed, methodology and tools to manage all of
>>>this will be greatly appreciated
>>>
>>> Thanks & regards,
>>> Ronish
>>>
>>>
>>>---------------------------------------------------------------------
-
>>>-- Securing Apache Web Server with thawte Digital Certificate In
>>>this
>>>guide we examine the importance of Apache-SSL and who needs an SSL
>>>certificate. We look at how SSL works, how it benefits your company
>>>and how your customers can tell if a site is secure. You will find
>>>out how to test, purchase, install and use a thawte Digital
>>>Certificate on your Apache web server.
>>> Throughout, best practices for set-up are highlighted to help you
>>>ensure efficient ongoing management of your encryption keys and
>>>digital certificates.
>>>
>>> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be
>>> 442f727
>>> d1
>>> ---------------------------------------------------------------------
>>> ---
>>>
>>>
>>> Privileged/Confidential Information may be contained in this
>>>message.
>>>If you are not the addressee indicated in this message (or
>>>responsible for delivery of the message to such person), you may not
>>>copy or deliver this message to anyone. In such case, you should
>>>destroy this message and kindly notify the sender by reply email.
>>>Please advise immediately if you or your employer does not consent
>>>to
>>>email for messages of this kind. Opinions, conclusions and other
>>>information in this message that do not relate to the official
>>>business of the GroupM companies shall be understood as neither given
>>>nor
>>> endorsed by it. GroupM companies are a member of WPP plc. For more
>>> information on our business ethical standards and Corporate
>>>Responsibility policies please refer to our website at
>>>http://www.wpp.com/WPP/About/
>>>
>>>
>>>
>>> ------------------------------------------------------------------------
>>> Securing Apache Web Server with thawte Digital Certificate In this
>>>guide we
>>> examine the importance of Apache-SSL and who needs an SSL
>>>certificate. We
>>> look at how SSL works, how it benefits your company and how your
>>>customers
>>> can tell if a site is secure. You will find out how to test,
>>>purchase,
>>> install and use a thawte Digital Certificate on your Apache web
>>>server.
>>> Throughout, best practices for set-up are highlighted to help you
>>>ensure
>>> efficient ongoing management of your encryption keys and digital
>>> certificates.
>>>
>>> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727
>>> d1
>>> ------------------------------------------------------------------------
>>> Securing Apache Web Server with thawte Digital Certificate
>>> In this guide we examine the importance of Apache-SSL and who needs
>>>an SSL certificate. We look at how SSL works, how it benefits your
>>>company and how your customers can tell if a site is secure. You will
>>>find out how to test, purchase, install and use a thawte Digital
>>>Certificate on your Apache web server. Throughout, best practices for
>>>set-up are highlighted to help you ensure efficient ongoing
>>>management of your encryption keys and digital certificates.
>>>
>>> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
>>> ------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
Thanks for Info.
I am a beginner and will appreciate all the inputs you can give.
Bharat
On Mon, 30 Jan 2012 23:34:12 -0200
Fábio Soto <fabio (at) andradesoto.com (dot) br [email concealed]> wrote:
> Bharat,
>
> That's the Microsoft Risk Assessment/Analysis methodology, and it is
>a good way to go.
>
> One thing I've changed about it is the risk calculation. We need to
>establish the risk criteria for impact and likelihood (financial
>impact, availability impact, confidentiality impact, integrity
>impact).
>
> After we calculate the impact with all that variables, and the
>likelihood (I use 2 likelihood variables), we can use the well known
>"Risk = Impact * Likelihood".
>
> Then we need to define the controls and the residual risks after
>implementing that controls.
>
> Regards,
>
>Fábio Soto
>
> -----Mensagem original-----
> De: Bharat Gosalia [mailto:bharat_gosalia (at) mafatlalcipherspace (dot) in [email concealed]]
> Enviada em: sexta-feira, 27 de janeiro de 2012 21:02
> Para: Santosh Kaimal; 'Fábio Soto'; 'Parker Zhao';
>sfmailsbm (at) gmail (dot) com [email concealed]; security-basics (at) securityfocus (dot) com [email concealed]
> Assunto: Re: Building an Information Asset database
>
> On Fri, 27 Jan 2012 22:59:34 +0000
> "Bharat Gosalia" <bharat_gosalia (at) mafatlalcipherspace (dot) in [email concealed]> wrote:
>> I FOUND chapter 4 somewhat relevent.
>> Naturally it is a copy from somewhere.
>>
>>
>> On Sat, 21 Jan 2012 11:05:19 +0530
>> "Santosh Kaimal" <santoshkaimal (at) billdesk (dot) com [email concealed]> wrote:
>>> Hi Ronish,
>>>
>>> Consider the following for building an information asset register
>>>for
>>>Risk assessment 1. Identify the different process / functions and
>>>then list assets under each process / function 2. Information
>>>assets
>>>are of different types (Physical, Software, paper, people, services,
>>>information) 3. Add Owner, Custodian and User tag to each asset 4.
>>>Add confidentiality, Integrity and Availability (CIA) to each asset
>>>
>>> This should be enough to initiate Risk Assessment, which will cover
>>>how well the sensitive data is protected.
>>>
>>> Hope this helps,
>>>
>>> Best regards,
>>> Santosh
>>>
>>>
>>>
>>> -----Original Message-----
>>>From: listbounce (at) securityfocus (dot) com [email concealed]
>>>[mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Fábio Soto
>>> Sent: Friday, January 06, 2012 10:44 PM
>>> To: 'Parker Zhao'; sfmailsbm (at) gmail (dot) com [email concealed];
>>>security-basics (at) securityfocus (dot) com [email concealed]
>>> Subject: RES: Building an Information Asset database
>>>
>>> Parker,
>>>
>>> Great document, thank you !
>>>
>>> To increase the quality of the document, I would use Availability,
>>>Integrity and Confidentiality to calculate the asset's business
>>>impact.
>>>
>>> Regards,
>>>
>>>Fábio
>>>
>>> -----Mensagem original-----
>>> De: listbounce (at) securityfocus (dot) com [email concealed]
>>>[mailto:listbounce (at) securityfocus (dot) com [email concealed]] Em nome de Parker Zhao Enviada
>>>em: quinta-feira, 5 de janeiro de 2012
>>>03:56
>>> Para: sfmailsbm (at) gmail (dot) com [email concealed]; security-basics (at) securityfocus (dot) com [email concealed]
>>> Assunto: RE: Building an Information Asset database
>>>
>>> Hi,
>>>
>>> Have you been see this ? I thought it is really a good guideline and
>>>I get much from it,
>>>
>>> Queensland Government Enterprise Architecture Guideline for
>>>Information Assets Register
>>>
>>> http://www.qgcio.qld.gov.au/SiteCollectionDocuments/Architecture%20an
>>> d%20Sta
>>> ndards/Information%20Standards/Toolbox/Information%20Asset%20Custodia
>>> nship/Q GEA%20guideline%20-%20Information%20asset%20register.doc
>>>
>>>FYR
>>>
>>> Parker
>>>
>>> -----Original Message-----
>>>From: listbounce (at) securityfocus (dot) com [email concealed]
>>>[mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of
>>>sfmailsbm (at) gmail (dot) com [email concealed]
>>> Sent: 2012å¹´1æ??4æ?¥ 13:34
>>> To: security-basics (at) securityfocus (dot) com [email concealed]
>>> Subject: Building an Information Asset database
>>>
>>> Hi list,
>>>
>>> happy New Year to all of you
>>>
>>> Looking for some best practices, reallife recommendations on how to
>>>go about to build up an Information Asset register, which will
>>>basically contain a list of information being used within the
>>>organisation, where and how it is stored, and where it is
>>>distributed, e.g. Card Information being stored on local hard disk
>>>without any encryption
>>>
>>> This will be the basis to perform information risk assessments to
>>>mitigate potential risk issues
>>>
>>> Any help on how to proceed, methodology and tools to manage all of
>>>this will be greatly appreciated
>>>
>>> Thanks & regards,
>>> Ronish
>>>
>>>
>>>---------------------------------------------------------------------
-
>>>-- Securing Apache Web Server with thawte Digital Certificate In
>>>this
>>>guide we examine the importance of Apache-SSL and who needs an SSL
>>>certificate. We look at how SSL works, how it benefits your company
>>>and how your customers can tell if a site is secure. You will find
>>>out how to test, purchase, install and use a thawte Digital
>>>Certificate on your Apache web server.
>>> Throughout, best practices for set-up are highlighted to help you
>>>ensure efficient ongoing management of your encryption keys and
>>>digital certificates.
>>>
>>> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be
>>> 442f727
>>> d1
>>> ---------------------------------------------------------------------
>>> ---
>>>
>>>
>>> Privileged/Confidential Information may be contained in this
>>>message.
>>>If you are not the addressee indicated in this message (or
>>>responsible for delivery of the message to such person), you may not
>>>copy or deliver this message to anyone. In such case, you should
>>>destroy this message and kindly notify the sender by reply email.
>>>Please advise immediately if you or your employer does not consent
>>>to
>>>email for messages of this kind. Opinions, conclusions and other
>>>information in this message that do not relate to the official
>>>business of the GroupM companies shall be understood as neither given
>>>nor
>>> endorsed by it. GroupM companies are a member of WPP plc. For more
>>> information on our business ethical standards and Corporate
>>>Responsibility policies please refer to our website at
>>>http://www.wpp.com/WPP/About/
>>>
>>>
>>>
>>> ------------------------------------------------------------------------
>>> Securing Apache Web Server with thawte Digital Certificate In this
>>>guide we
>>> examine the importance of Apache-SSL and who needs an SSL
>>>certificate. We
>>> look at how SSL works, how it benefits your company and how your
>>>customers
>>> can tell if a site is secure. You will find out how to test,
>>>purchase,
>>> install and use a thawte Digital Certificate on your Apache web
>>>server.
>>> Throughout, best practices for set-up are highlighted to help you
>>>ensure
>>> efficient ongoing management of your encryption keys and digital
>>> certificates.
>>>
>>> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727
>>> d1
>>> ------------------------------------------------------------------------
>>>
>>>
>>> ------------------------------------------------------------------------
>>> Securing Apache Web Server with thawte Digital Certificate
>>> In this guide we examine the importance of Apache-SSL and who needs
>>>an SSL certificate. We look at how SSL works, how it benefits your
>>>company and how your customers can tell if a site is secure. You will
>>>find out how to test, purchase, install and use a thawte Digital
>>>Certificate on your Apache web server. Throughout, best practices for
>>>set-up are highlighted to help you ensure efficient ongoing
>>>management of your encryption keys and digital certificates.
>>>
>>> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
>>> ------------------------------------------------------------------------
>>>
>>
>
>
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------
[ reply ]