January 25, 2018 •Jason Dell
ASSESS YOUR ASSETS AND RISKS
This is the first installment in a 4 part series that will give you a playbook for developing the foundation for a security strategy. NSI's Lead Security Engineer, Jason Dell, is a highly certified engineer that has been with NSI since 2002.
We read, see, or hear about cybersecurity problems all the time. It seems like every day there is something in the news about a new high-profile vulnerability that has been discovered, or of a company that has been compromised with disturbing and wide-impacting results.
Often times, individual research yields a plethera of confusing and off-putting terminology that causes heads to spin and eyes to glaze over. Turning a blind eye to cybersecurity is irresponsible and risky, but understanding it all can be a daunting task. Here we will give you a framework for a security policy.
NSI will help to break it all down in this blog series on how to develop the right security strategy!
IDENTIFYING YOUR DATA ASSETS
Before you invest in cybersecurity, let’s justify investing in cybersecurity. That means stepping back from considering the security products or services that you may already have in place and identifying what exactly it is that you are trying to protect. There may be little justification for investing in security products that do not effectively protect your data assets.
Data assets are the data repositories that you have or the services that you provide that are critical to the success and growth of your business. Compromise to your data assets could have a negative impact (or a crippling impact) on your business.
Some examples of data assets are as follows:
- Account numbers
- Patient records
- Personally Identifiable Information (PII)
- Intellectual property (IP)
- Employee records
- Student records
Follow along with a free Asset & Risk Template Below.
RISKS
Now it’s time to consider and list out the risks to these data assets. What could possibly go wrong if your data is compromised?
Examples of risks to your data assets may include the following:
- Theft
- Corruption
- Being held for ransom
IMPACT
Now for the uncomfortable part of the exercise. Consider the impact if you data assets are compromised.
Examples if impacts of corruption to you data assets:
- Damage to reputation / damaged image
- Decreased growth
- Decreased cash flow
- Decreased customer acquisition
- Decreased customer retention
- Law suites
- Remediation costs
- Accountability (who takes the fall?)
WHAT'S NEXT?
The information that you have collected above needs to be re-evaluated periodically (at least annually) to make sure that you are still on target. In coming blog posts, we will discuss creating a written security policy. We will discuss identifying and evaluating the efficacy and validity of your current controls. We will discuss the modern security technologies that are available to mitigate the risks to you data assets.
Then we will wrap up the series by identifying the solutions that fit the security technologies necessary to reduce the risk to your data assets, and to discuss how security solutions should work together as a security system. See a theme here? The point is to keep your data assets as the focal point of your security solution. Every component of your security solution should be able to be mapped back to your data assets.