Asset Inventory Identify the information assets that exist in your organization. If you work for a large organization, refer only to your own department. Conduct an information asset inventory on your organization using the Asset Inventory and Risk Assessment Table located on the student website. Include information assets from the following general asset categories:
Complete the first six columns of the matrix and the annual rate of occurrence (ARO) column. Conduct a threat analysis for five Monday 10
selected assets, one from each of the asset areas listed above. List each threat with its associated asset in the matrix. Estimate the ARO for each threat.
Write a 1100-1400 word paper that discusses the top risks faced by the company and the strategies that should be taken to mitigate them. In your findings, discuss the following:
- Describe how you determined the values for the assets you have listed. The valuation process must take into account the value the company would lose should the information asset be lost, modified, or destroyed. Discuss the vulnerabilities that led you to list the threats. Identify which threats you consider serious and which ones you consider not serious. For your conclusion, describe how this assignment has changed your view on the value of information in the summary of your paper.
Hi, here is the Inventory Asset. I know that time is short for you. Please let me know of any updates or changes you would like made. Thanks. I hope to work with you again.
Risk Management according to the Certified Information Systems Auditor's manual "...is the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization."
The first step in developing a Risk Management Program, is to perform a Risk Assessment, designed to assess the value of assets, the risk of losing those assets and determining the threats to those assets. A Quantitative Risk Assessment will produce the magnitude of the potential loss and the probability that the loss will occur. Risk therefore is expressed as R=p(L) where R=Risk, p=Probability of Loss and L=magnitude of loss. From this information a Risk Management Program can be developed. The Risk Assessment helps to determine which assets are most value, face the greatest threat and where the threats lie.
Information Technology Assets can be divided into 3 categories:
1) Infrastructure-The hardware and software, including network equipment, etc that makes up the IT department.
2) Human Resources-The users, administrators and other employees that make up the IT department.
3) Data-The information that the company uses to run their business.
Each of these asset categories has its own risks and threat types.
Asset inventory identification are examined.