Information Asset Valuation Schedule
Using information from the Customer Information Discovery allows our specialists to develop an
Information Asset Valuation Schedule. Information Asset Valuation relates to:
|
• Reproduction cost of the information requiring a combination of time, skill, and resources.
• The sensitivity of corporate information relating to the identity of the organization or brand.
• Proprietary, confidential or secret information status whose disclosure would result in a
financial loss.
|
|
Click to View
Sample Diagram
|
|
Information Flow Diagram
A data analysis is conducted to provide a comprehensive understanding of the information
processing structure. The analysis results are used to generate an Information Flow Diagram.
The Information Flow Diagram creates a visual representation of the path which all information
travels through in an information system. By analyzing the route of information, vulnerabilities
in infrastructure can be identified and minimized. Vulnerabilities often identified by the Information
Flow Diagram include:
|
• Network security vulnerabilities along common information pathways.
• Unresolved data residue points.
• Cookies and other session trails that are exposed.
• Deficiencies in cryptographic coverage.
• Unauthorized access points.
|
|
Click to View
Sample Diagram
|
|
Threat Matrix
The Threat Matrix is a critical output of a security audit. The Threat Matrix is
generated after gathering information from your organization through interviews,
network testing and application analysis. This matrix identifies those areas in the
application software, application environment, and user operating principles where
security risks exist. The Threat Matrix contains the following:
|
• A list of security vulnerabilities in the application and supporting
infrastructure.
• A brief description accompanying each threat provides an explanation of
how the threat may be exploited.
• The source of a potential attack.
• The information possibly effected by an attack. When used in conjunction
with our Information Asst Valuation Schedule we can generate cost
estimates of the information compromised by the attack.
• The probability of a successful attack occurring allows insignificant threats
be set aside so major threats can be focused on for further assessment.
• Countermeasures (at the conclusion of analysis) that represent industry
best practices to reduce or eliminate the threats.
|
|
Click to View
Sample Diagram
|
|
