Q

Resources for conducting an Information Asset Analysis

This Content Component encountered an error

I would like to complete an Information Asset Analysis so that our company can establish: (1) What systems exist in some 40+ locations, (2) Who are the owners/custodians of these systems, (3) Whether these systems are accessed by other systems/remote users and (4) What security controls exist to safeguard electronic patient health information.

This is step one in organizing an enterprise security program. Can you please help me identify methodologies, forms, documents that would be useful in conducting such an analysis?


I would recommend taking a look at the OCTAVE methodology. This is a methodology established by the CERT Coordination Center that stands for Operationally Critical Threat, Asset and Vulnerability Evaluation. It is a framework/approach for performing your own information risk assessments. Check out http://www.cert.org/octave for more information.

There's also an excellent book that goes into even more detail on OCTAVE that you might benefit from titled "Managing Information Security Risks: The OCTAVE Approach" by Christopher J. Alberts and Audrey J. Dorofee.


For more information on this topic, visit these other SearchSecurity.com resources:
  • Executive Security Briefing: Explaining the risk management process
  • Best Web Links: Security Policy & Infrastructure


  • This was first published in June 2004

    Dig deeper on Data Center Jobs and Staffing and Professional Development

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchWindowsServer

    SearchEnterpriseLinux

    SearchServerVirtualization

    SearchCloudComputing

    Close