InfoSecMinds

For like-minded people

Archive for category Risk Assessment

Service Asset – A Requirement or Duplication

Jul 5

Posted by Vinod Puthuseeri in Information Security Risk Assessment, ISMS, ISO 27001:2005, Risk Assessment | 2 Comments

It just came up recently while discussing with one of my friend, the need for capturing service assets as a part of asset inventory which will be used further for risk assessment exercise.

In a normal scenario, everyone uses a template that captures assests under different cateogories, viz

  • Information Asset – deals with electronic and paper based data
  • Hardware Asset – includes all your hardware, cupboards, safe, etc
  • Software Asset – includes all software’s used or implemented in the organization.
  • Service Asset – services that a department avails from the organization
  • People Asset – talks about people / employees

 Now the discussion went like this:

Read the rest of this entry »

Tags: , ,

Security Breach – Who's responsible?

Jan 27

Posted by Vinod Puthuseeri in Information Security, Information Security Risk Assessment, ISMS, ISO 27001:2005, Risk Assessment | 4 Comments

The very first lesson taught to me in my computer classes where “A computer is as smart as you are” and this statement holds good even today. For the computer would do only that a person would want it to do. The only advantage a computer has over human is that of speed and storage capacity.

While looking at various aspects of data loss, the end reason always point to “PEOPLE”. The above statement holds good not only because there are data loss (which is now the high rated security risks), even if you look at any frauds that has happened in the recent past, everything has been manipulated by “HUMAN”. No matters what standards are adopted, what stringent rules are set in an organization, frauds still happen.

Read the rest of this entry »

Tags: , ,