Chapter 1 Resource Inventory
- identify
- value & cost if disclosed or destroyed
- ownership
- security classification
Asset groups: information, algorithms, software, equipment.
Owner: determines value, assigns security classification, has
responsibility.
Possible owners: creator, maintainer, user.
Determining value, so as to determine the level of security:
- cost of creation or acquisition
- cost of loss or compromise
- cost of re-creation. If high, then redundant storage.
- cost of unavailability. Worst-case scenario vs. typical scenario
trade-offs. Redundancy of HW to eliminate points of failure.
- cost of disclosure to 1. profitability 2. privacy (legal & reputation)
Security classification:
- sensitivity of the info
- consequences of disclosure
- legal & contractual obligations & penalties
- standards & guidelines
- lifecycle of info
Combination of confidentiality, integrity, availability
classifications.