Founded in 1807, John Wiley & Sons is the oldest independent publishing company in



Related: chapelle a operational risk management best practices in the

Data incidents

External causes or third parties
  Theft or corruption
    1. Digital: hacking, virus infection, phishing and other cyber attacks
    2. Physical: theft, social engineering
  Loss or involuntary disclosure
    3. Disaster, systems disruptions, third-party failure

Internal causes
  Theft or corruption
    4. Theft and transfer of digital or physical information by infiltrated employee or contractor
    5. Employees leaving; exiting with information and IP (mishandled exits)
  Loss or involuntary disclosure
    Digital
      6. Database loss, backup loss
      7. Loss of devices by staff members
      8. Errors and slips when sending documents (email recipients or attachments)
    Physical
      9. Loss of printed documents (e.g., bins/documents disposal)
      10. Errors or slips when communicating to outsiders
      11. Loss of archives

most protection. To establish this inventory, firms typically categorize their documents
according to their level of confidentiality, such as:

highly confidential

confidential

internal

public.
However, in practice the categories are fairly broad and the classification process
not always systematic and rigorous, so that documents with the same rating can have
very different levels of sensitivity and/or market value. Moreover, the categorization
makes sense only if it relates to a clear difference in the level of handling, storage
and protection. The market is increasingly moving toward a risk-based protection of
information assets, since it is broadly accepted that fully protecting all information at
all times is often too demanding and costly for a business.
The Centre for Cyber Security in Belgium recommends the following steps to
identify and categorize vulnerabilities and cyberthreats: [5]

[5] Cyber Security Incident Management Guide, Centre for Cyber Security Belgium & Cyber Security Coalition, 2015. The document is a pragmatic, “how to” guide of incident management, free access.


Information Security Risks
[FIGURE 18.1: Theoretical example of data exposure map and risk-based protection and architecture. Labels in the figure: Public data & interface; Mkt sensitive data; Model and IP data; Internal fin data; Sensitive personal data; Cyber protection data; Strategic data; Internal controls data; Customer data; 3rd party contracts; Other data.]
