Conducting Asset Identification, Threat Analysis, and Security Controls Time Required: 45 minutes
Objective: Learn to apply risk assessment concepts.
Description: A first step in risk analysis is identifying the assets you need to protect. In this project, you identify assets and perform a threat analysis of your environment. Your instruc- tor will set the boundaries of the environment. Your task is to conduct a thorough, objective assessment of assets in your classroom, and then to prioritize the assets and propose ideas for safeguards. This activity can be done individually or in groups.
1. Create a chart with four columns. Label the columns Asset, Threats, Probabilities, and Security Controls. Be sure to leave enough room for your notes.
2. Starting at the classroom door, begin writing down assets. Write a short description of each asset in the Asset column, such as "student computer."
3. After you have listed all the assets in your classroom, assess the threats. Starting with the first asset listed, write down threats that could damage or destroy each asset. Examples of threats include a leaky roof, exposed wires, and food or drink that could
spill. Be sure to look in all directions, including the ceiling. Be sure to note drop
ceilings or false floors because they are a potential point of access for intruders.
4. Next, examine the probabilities of a threat occurring. Use the information in Table 13-2 as a guide. For example, if you listed a leaky roof as a threat and you live in an area with frequent rainfall, the probability of that threat occurring and causing damage is high. If you live in an arid desert climate, that probability is not as high.
5. Next, determine security controls to reduce threats. Beginning with your first asset, look for ways to manage risks to it, and write down safeguards. If the roof is leaking above an expensive computer, the cost of repairing the roof might be warranted, but simply moving the computer reduces the risk and is more cost effective. On the other hand, if the power supply to the server room is prone to fluctuations that could damage delicate electronics, investing in uninterruptible power supplies (UPSs) or a generator could be less expensive than replacing damaged equipment. Remember that the priority level determines the investment in security.