How To
Risk Assessment Tool: Application for Removable Device Media
An excerpt from the form that the City of London uses to decide whether or not to grant officers permission to download data onto portable media
April 22, 2008 —
Part 1: Risk Assessment Scoring
When officers at the City of London police wish to download information onto a portable media device, they must file a formal application to do so. This is the form decision-makers use to evaluate the risk with the proposed data download. (To read about how the police force uses the tool, see "How To Tell If That USB Download Is Really Worth the Security Risk.")
|
Area |
Response |
Score |
|
Amount of information |
Small <100kb |
35 |
|
Is the use of the device restricted to specific users? |
Yes |
-5 |
|
Can transfers of information be audited? |
Yes |
-10 |
|
Can the information be checked for malicious code? |
Yes |
-10 |
|
What is the classification of the information involved? |
Unclassified |
0 |
|
Can the information be easily accessed if the device/media is lost? |
Yes |
20 |
|
What are the consequences of losing the device/media? |
None |
0 |
|
How easily can the information be transferred to other devices/media? |
Easy |
50 |
|
Are there effective procedures in place that will reduce risk of misuse? |
Yes |
00 |
|
Are there effective procedures in place that will reduce risk of accidental loss? |
Yes |
00 |
Read on to see an excerpt of the City of London's benefits assessment scoring methodology.
Data Center Directions Virtual Conference
Attend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.
Maximizing Site Visitor Trust Using Extended Validation SSL
Now with Extended Validation (EV) SSL available from VeriSign, you can show your customers that they can trust your site. Learn about EV SSL benefits in the free VeriSign white paper.
- The Latest Advancements in SSL Technology
- Maximizing Site Visitor Trust Using Extended Validation SSL
- How to Offer the Strongest SSL Encryption
- Solving Online Credit Fraud Using Device Reputation
- Forrester Reports 321% ROI Through Device-Based Fraud Management
- Enterprise Management Associates: Taking the Botnet Threat Seriously
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
7th Annual Digital ID World
-
September 8 - 10, 2008Hilton AnaheimRegister now »
Anaheim, California
(ISC)2 members can earn up to 20 CPE Credits
Reference priority code ONLINE and save $800 off the full registration price — attend the program for $995
