Identifying the Assets
When identifying the assets that need to be protected, some
might be obvious, like valuable proprietary information such as product
blueprints or designs, intellectual property, and the many hardware components
that make up the network. Others might not be so obvious, though, and are often
overlooked, such as the people using the systems. While the company doesn’t own
the people, it could have invested in their skills and development over the
years. Similarly, the company might rely heavily on those skills to meet its
business objectives. Some users might have no readily identifiable replacements
within the current workforce.
The point is to list everything that could be impacted in any way
by a security problem:
- Hardware: Servers, workstations, laptops,
  printers, scanners, FAX units, routers, switches, firewalls, intrusion detection
  devices, wireless access points, IP telephones, palm-sized devices, pagers,
  projection systems, electronic white boards, and communication lines. Don’t
  forget devices that might be at telecommuters’ homes, such as DSL routers,
  printers, and so forth. The move to combine resources like printers and copiers
  should be acknowledged, even if not yet implemented.
- Software: User software licenses, custom
  and off-the-shelf enterprise applications, virus protection software, network
  and workstation OSs, network device OS, network management applications,
  utilities of all types, diagnostic programs, and communication/FAX programs.
- Data: Financial records, business plans and
  strategies, customer and employee information, sales records (including credit
  card information), product designs and parts lists, inventories, production
  schedules, and customer and vendor contracts. Many of these could be parts of
  one or more databases, while others might be many individual documents in the
  system. Each type must be identified by its location during execution, where
  they’re stored online, where they’re archived offline, any backups, audit logs,
  and whether they’re ever transmitted over communication links. It isn’t uncommon
  to discover entire classes of strategic documents stored only on local hard
  drives.
- People: Users, administrators of all types,
  help desk people, and hardware maintenance.
- Documentation and licenses: For OSs,
  applications, hardware, systems, and administrative procedures. Don’t forget
  service agreements and warranties.
- Supplies: Paper, toner and ink cartridges,
  and batteries.
- WAN and Internet services: Contracts and
  service agreements for communications links, web hosting services, and related
  contracted services of any kind. Because these services could be in negotiation
  for some time, be sure to include any works in progress.
While not technically a network component and not appropriate
for all companies, as previously mentioned, any company doing business over the
Internet ought to consider its reputation and the trust relationships it’s
developed as an asset. Any attack that damages this reputation could have
serious implications for the future well-being of that company and its
stakeholders.