
still thinking…
…what determines which of your information assets you protect? An information asset is any asset (in whatever form) that is valuable to an organization, e.g. applications, information, infrastructure and people (AIPP). Say you have just one garage that can take only one of your automobiles - a Maserati or a camel. Which one will be parked in the garage and which one will be left on the street tied to a post? Human nature explains this further: have you ever reflected on why the skull shields the brain, the teeth protect the tongue, etc.? In plants, the roots are covered by earth…
Simple: protection of an information asset is (and should be) based on the sensitivity and criticality of that asset. Sensitivity and criticality in turn determine what is important to you as an organization. The reverse is also true; what is important by design becomes either sensitive or critical. A critical reflection on the example cited above explains this theory in detail. The Maserati is more important to you than the camel, so it becomes sensitive, requiring critical protection – the garage.
As easy as this thesis may seem, it is based on a well-thought-out (no-brainer, if you may say) pattern. Lest I forget, what is our aim? To protect our information assets. How do we achieve this? Information (asset) classification. How do we classify the information assets? This requires a bit of explanation. The chart above details the sequence of information asset classification using the example of a camel. By the way, how come it was a camel that readily came to mind as an example?
Typically, organizations don’t “just do it” – i.e. protect the information assets and/or services. They determine how best to protect them using a cost-benefit approach. Of course, what is the benefit of parking the Maserati in a garage without locks?