Information Security
Gudsaf, 2018-04-28 20:02:00

Is there a list of risks associated with storing information?

There are, for example, two types of solutions that allow the exchange of information.
For these solutions, it seems to me that there are the following risks when storing information:

  • information modification
  • information blocking
  • deletion of information, etc.

I think that the risks that I have identified may be incorrect, due to my ignorance. Accordingly, I would like to have the most complete idea of the risks associated with the storage of information, and to see some examples of how they are determined. I want to look at them to understand how to define them in general and what logic to follow, and thus take into account not only what came to mind, but more.
Where can I see examples of how the risks associated with the storage of information are determined?

3 answer(s)
xmoonlight, 2018-04-28
@xmoonlight

Everything you need is here.

Alistair O, 2018-05-01
@box4

Write the essence, what does not work for you?

Alex, 2018-09-30
@asilonos

First of all, I want to note that the assessment of information security risks should be included in the "Information Security Program" of your company, since the "IS Policy" section lays down the basic rules, values and roles that you will then operate with in the "Risk Assessment". If this is not the case, then it is necessary to assess the risks based on a certain optimistic or pessimistic scenario.
An example methodology for calculating Risk in an information system:
1. Calculate the cost/significance of all Assets in your information system, to determine the order of importance of the values.
2. Identify all kinds of threats and attack scenarios: insiders, viruses, competitors, equipment failure, etc.
3. Calculate the Risk numerically for each Value in the event of each Threat, using the ALE, MTD, ARO and SLE formulas:
ALE = SLE * ARO
(see my earlier posts for an example)
MTD - how long will your business last when Value XX disappears?
ALE - how much damage in monetary terms, on average per year, will the XX threat inflict on you?
(there are a number of threats that occur naturally once a year, once every two years, etc.)
4. Thus, evaluate the most significant Threats.
5. Assess what can be done to minimize the impact of threats on the most significant Values. This means what kind of protection you need to additionally buy / install / train / check / adjust.
Perhaps some of the solutions will have built-in protection against some threats. At this stage, you will get the cash costs of covering the missing protection.
Or maybe you find out that you have some costs that do not depend on the type of Solution; for example, you still need to train the staff not to send the password by mail :)
Then you do such an analysis for the first solution and the second solution and compare the monetary indicators.
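
The procedure from the answer above, carried through as an added example that is not part of the original answer. All asset values, threats, rates, control costs and solution names are constructed; SLE is taken as asset value times an exposure factor (the usual definition, not stated in the thread), protection is assumed to remove a threat's ALE completely, and MTD is not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Threat:
    name: str
    asset: str
    exposure: float      # fraction of the asset's value lost per incident
    aro: float           # ARO: expected incidents per year
    control_cost: float  # yearly cost of buying the missing protection

# Steps 1-2, constructed figures: asset values and threat scenarios.
ASSETS = {"customer_db": 200_000, "file_share": 50_000}
THREATS = [
    Threat("insider_modification", "customer_db", 0.25, 0.5, 8_000),
    Threat("ransomware_blocking", "file_share", 0.75, 0.25, 12_000),
    Threat("disk_failure_deletion", "customer_db", 0.5, 0.125, 3_000),
]
# Constructed: threats each candidate solution already covers built-in.
SOLUTIONS = {"solution_1": {"disk_failure_deletion"},
             "solution_2": {"insider_modification"}}

def sle(t):  # single loss expectancy = asset value * exposure factor
    return ASSETS[t.asset] * t.exposure

def ale(t):  # step 3: ALE = SLE * ARO
    return sle(t) * t.aro

def ranked_threats():  # step 4: most significant threat first
    return sorted(THREATS, key=ale, reverse=True)

def yearly_cost(built_in):
    """Step 5: for threats without built-in protection, buy the control only
    if it costs less than the ALE it removes; otherwise accept the ALE."""
    spend = accepted = 0
    for t in THREATS:
        if t.name in built_in:
            continue
        if t.control_cost < ale(t):
            spend += t.control_cost
        else:
            accepted += ale(t)
    return spend, accepted, spend + accepted

def compare():  # final step: total yearly cost per solution, cheapest first
    totals = {name: yearly_cost(cov)[2] for name, cov in SOLUTIONS.items()}
    return sorted(totals.items(), key=lambda kv: kv[1])

if __name__ == "__main__":
    print([(t.name, ale(t)) for t in ranked_threats()], compare())
```

Costs that do not depend on the solution, such as staff training, add the same amount to both totals and do not change the comparison.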