One Article Review
| Source |  NoticeBored |
|---|---|
| Identifiant | 1779385 |
| Date de publication | 2020-03-29 22:03:55 (vue: 2020-06-29 11:00:30) |
| Titre | NBlog March 29 - NZ lockdown day 4 of N |
| Texte |  Yesterday I wrote about exploiting/making the most of opportunities that arise in a crisis. Here's an example - using COVID-19 as an analogy to help explain a concept.A question came up on the ISO27k Forum about how to handle 'primary and secondary assets' in the risk assessment processes described by ISO/IEC 27005. This is my response ...“Primary assets (business processes and activities, information) … usually the core processes and information of the activity in the scope” [ISO/IEC 27005:2018 section B.1.2] are the focal point: that's what we need to protect. However, in order to do that, we also need to take care of other matters, including the supporting/enabling information systems, networks etc. Those have someintrinsic value (e.g. used but now redundant servers can be upgraded, redeployed, sold or scrapped) but their main value relates to their roles in relation to the primary assets.A topical analogy is “health” – an asset we all need to protect. ]For virtually everyone, it's clearly primary - #1, The Most Important Thing Of All. There are many threats to our health (not just coronavirus!) and we have many vulnerabilities (e.g. we need to breathe, we have mucosa, we need to interact with the world around us to gather essential supplies …), while the impacts of health incidents are many and varied (from 'feeling a bit off colour' to death). We can't directly protect “health” (which is intangible and cloudy), but we can work on various related aspects that, in turn, support good health – like for instance staying out of range of coronavirus and flu sufferers coughing and sneezing; staying well nourished; exercising to maintain physical fitness; thinking about hard stuff like this to maintain mental agility; being vigilant for the symptoms of poor or deteriorating health; having the health services, docs, drugs, respirators etc. to increase our ability to survive disease etc. In infosec terms, that's a blend of preventive, detective and corrective controls designed to protect our continued integrity and availability |
| Envoyé | Oui |
| Condensat | NoVal |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.