Assignment:
You oversee designing the asset security for a private company that contracts work to the United States Federal Government. You deal with global entities that have locations in Europe and South America. Your organization has been the target of mysterious attacks on their networks, and social engineering attempts on their employees. There is a general sense of an ongoing attempt to monitor your networks and data transmissions. Your assets include the following:
Domain Controllers, E-mail servers, file shares, gateway network, development environment, department file shares, workstations, laptops, mobile phones, printers, desk phones, PHI data, HIPAA data, FINRA data, FISMA/FIPS data.
Your job is to formulate a plan and respond to the following:
- What is your plan to identify and classify information assets? List them in your post.
- Once those information assets are identified and classified, who owns each of them? Create a list of formal assignments of ownership in your post.
- Will you employ the use of Information Technology Asset Management, and if so, on which assets and how?
- How will you handle change management?
- How will you handle configuration management?
- How will you handle software asset management?
- How will you protect privacy?