How To
Risk Assessment Tool: Application for Removable Device Media
An excerpt from the form that the City of London uses to decide whether or not to grant officers permission to download data onto portable media
April 22, 2008 —
Part 1: Risk Assessment Scoring
When officers at the City of London police wish to download information onto a portable media device, they must file a formal application to do so. This is the form decision-makers use to evaluate the risk with the proposed data download. (To read about how the police force uses the tool, see "How To Tell If That USB Download Is Really Worth the Security Risk.")
|
Area |
Response |
Score |
|
Amount of information |
Small <100kb |
35 |
|
Is the use of the device restricted to specific users? |
Yes |
-5 |
|
Can transfers of information be audited? |
Yes |
-10 |
|
Can the information be checked for malicious code? |
Yes |
-10 |
|
What is the classification of the information involved? |
Unclassified |
0 |
|
Can the information be easily accessed if the device/media is lost? |
Yes |
20 |
|
What are the consequences of losing the device/media? |
None |
0 |
|
How easily can the information be transferred to other devices/media? |
Easy |
50 |
|
Are there effective procedures in place that will reduce risk of misuse? |
Yes |
00 |
|
Are there effective procedures in place that will reduce risk of accidental loss? |
Yes |
00 |
Read on to see an excerpt of the City of London's benefits assessment scoring methodology.
mobile
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.



