
Resources for conducting an Information Asset Analysis

I would like to complete an Information Asset Analysis so that our company can establish: (1) What systems exist in some 40+ locations, (2) Who are the owners/custodians of these systems, (3) Whether these systems are accessed by other systems/remote users and (4) What security controls exist to safeguard electronic patient health information.

This is step one in organizing an enterprise security program. Can you please help me identify methodologies, forms, documents that would be useful in conducting such an analysis?

I would recommend taking a look at the OCTAVE methodology. This is a methodology established by the CERT Coordination Center that stands for Operationally Critical Threat, Asset and Vulnerability Evaluation. It is a framework/approach for performing your own information risk assessments. Check out http://www.cert.org/octave for more information.

There's also an excellent book that goes into even more detail on OCTAVE that you might benefit from titled "Managing Information Security Risks: The OCTAVE Approach" by Christopher J. Alberts and Audrey J. Dorofee.
