

Question

Overview

The purpose of an IT asset identification and asset classification exercise is to protect privacy data and implement security controls. Identifying where privacy data is accessed throughout an IT infrastructure or outside of its protected environment is important. In this lab, you created an IT asset/inventory checklist organized within the seven domains of a typical IT infrastructure, performed an asset identification and classification exercise, explained how a data classification standard is linked to customer privacy data and security controls, and identified where privacy data resides and what security controls are needed to maintain compliance.

- What is the purpose of identifying IT assets and inventory?

- What is the purpose of an asset classification?

- Why might an organization’s website classification be minor but its e-commerce server be considered critical for your scenario?

- Why would you classify customer privacy data and intellectual property assets as critical?

- What are some examples of security controls for recent compliance law requirements?

- How can a data classification standard help with asset classification?

- Given the importance of a Master SQL database that houses customer privacy data and intellectual property assets, what security controls and security countermeasures can you apply to help protect these assets?

- From a legal and liability perspective, what recommendations do you have for ensuring the confidentiality of customer privacy data throughout the Mock IT infrastructure?

- What can your organization document and implement to help mitigate the risks, threats, and liabilities typically found in an IT infrastructure?

- True or False: Organizations under recent compliancy laws, such as HIPAA and the Gramm-Leach-Bliley Act (GLBA), are mandated to have documented IT security policies, standards, procedures, and guidelines.

- Why is it important to identify where privacy data resides throughout your IT infrastructure?

Explanation / Answer

Q) What is the purpose of identifying IT assets and inventory?

It helps identify areas of potential risks.

Q) What is the purpose of an asset classification?

The purpose of an asset classification is to evaluate the health of the company by examining how well each of the company's types of assets is performing.

Q) Why might an organization’s website classification be minor but its e-commerce server be considered critical for your scenario?

Because with FERPA, it gives parents access to their child's education records, an opportunity to seek to have the records amended, and some control over the disclosure of information from the records.

Q) Why would you classify customer privacy data and intellectual property assets as critical?

Customer privacy data are critical because without the customers the business will not survive. Once the customer’s data are breached, that business entity would lose that customer. We believe intellectual property rights are worth protecting, both domestically and abroad, because intellectual property contributes tremendously to our national and state economies. Our economy relies on the rigid security enforcement of their patents, trademarks, and copyrights, while consumers use intellectual property to be sure they are purchasing products that are guaranteed by the industry standard and safe if we use those products.

Q) What are some examples of security controls for recent compliance law requirements?

Information and Related Technology (COBIT): This is a framework and supporting toolset that allows management to bridge the gap with respect to requirements of control, issues that are technical and business risks, and communicate that level of control to all stockholders. COBIT can be used to integrate other standards as an umbrella framework.

Q) How can a data classification standard help with asset classification?

Data classification can help an organization meet legal and regulatory requirements for retrieving specific information of the assets.

Q) Given the importance of a Master SQL database that houses customer privacy data and intellectual property assets, what security controls and security countermeasures can you apply to help protect these assets?

Set up security policies and software to prevent SQL injection. Implement a policy to keep the database online only when in use and to limit access to the database.

Q) From a legal and liability perspective, what recommendations do you have for ensuring the confidentiality of customer privacy data throughout the Mock IT infrastructure?

Authentication, authorization, security checkpoints (both physical and virtual), heavy DMZ allocation, complete auditing abilities including full logs.

Q) What can your organization document and implement to help mitigate the risks, threats, and liabilities typically found in an IT infrastructure?

Risk Control Types, Risk Assessment, Using Organizational Policies to Reduce Risk.

Q) True or False: Organizations under recent compliancy laws, such as HIPAA and the Gramm-Leach-Bliley Act (GLBA), are mandated to have documented IT security policies, standards, procedures, and guidelines.

False, all companies are mandated to have documented IT security policies, standards, procedures, and guidelines.

Q) Why is it important to identify where privacy data resides throughout your IT infrastructure?

To ensure that proper security measures are in critical and important locations protecting privacy information elements.
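
The lab's exercise can be sketched as an asset inventory tagged by domain and data class, with each asset's classification and missing controls derived from a data classification standard. This is an added example, not part of the original question or answer. The standard's mapping, the control names, the "major" level and the inventory rows are constructed assumptions.

```python
from collections import defaultdict

# Assumed data classification standard (constructed for this example):
# data class -> (asset classification it implies, controls it requires).
STANDARD = {
    "customer_privacy": ("critical", {"encryption", "access_control", "audit_logging"}),
    "intellectual_property": ("critical", {"encryption", "access_control"}),
    "internal": ("major", {"access_control"}),
    "public": ("minor", set()),
}
RANK = {"minor": 0, "major": 1, "critical": 2}

# Constructed inventory rows: (asset, domain, data classes held, controls in place).
INVENTORY = [
    ("Public website", "LAN-to-WAN", ["public"], []),
    ("E-commerce server", "System/Application", ["customer_privacy"],
     ["encryption", "access_control"]),
    ("Master SQL database", "System/Application",
     ["customer_privacy", "intellectual_property"],
     ["encryption", "access_control", "audit_logging"]),
    ("Sales laptop", "Workstation", ["customer_privacy", "internal"], ["access_control"]),
    ("File server", "LAN", ["internal"], ["access_control"]),
]

def classify(data_classes, controls):
    """Return (classification, missing controls): the asset takes the highest
    level implied by any data it holds and needs the union of required controls."""
    level, required = "minor", set()
    for data_class in data_classes:
        implied, needs = STANDARD[data_class]
        if RANK[implied] > RANK[level]:
            level = implied
        required |= needs
    return level, sorted(required - set(controls))

def report(inventory):
    """Map each asset name to its (classification, missing controls)."""
    return {name: classify(data, ctl) for name, _, data, ctl in inventory}

def privacy_data_locations(inventory):
    """Group assets that hold customer privacy data by infrastructure domain."""
    by_domain = defaultdict(list)
    for name, domain, data, _ in inventory:
        if "customer_privacy" in data:
            by_domain[domain].append(name)
    return dict(by_domain)

if __name__ == "__main__":
    for name, (level, missing) in report(INVENTORY).items():
        print(f"{name:20} {level:9} missing: {', '.join(missing) or 'none'}")
    print(privacy_data_locations(INVENTORY))
```
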