Help - Data classification - Risk Assessment

Mjoshi (Member, Posts: 17)
Hello All,
I have studied risk management and asset classification and am trying to apply those concepts together, but I am finding it difficult to decide whether my approach is appropriate. My main difficulty is in understanding whether the classification of assets and data and the acceptable risk levels are defined right after asset evaluation, or whether we perform risk analysis for all the assets in an organization first and then classify the assets and data.
Please help me validate this and tell me whether the flow below reflects a correct understanding.
Once the policy on performing risk management has been initiated by senior management:
1. Identify all the assets and evaluate them. Role: Security professionals.
2. Classify the assets and data to be protected based on the evaluation, and define the acceptable risk level. Role: Data owner / senior management.
3. Once the assets are classified, identify threats and vulnerabilities and perform the risk analysis. Role: Security professionals.
4. Recommend safeguards, along with a cost-benefit analysis. Role: Security professionals.
5. Select countermeasures and make the risk choices (acceptance, mitigation, etc.). Role: Senior management.
6. Develop the design and procedures for implementing the security solutions. Role: Security professionals.
7. Deploy and maintain the security solutions. Role: Data custodian.
8. Audit the controls. Role: Auditor.
Thanks,