- The main problem is digital assets are currently unsecured allowing for unwanted access and exfiltration of sensitive data resulting in major losses (IP or proprietary information) and major costs (detection, notification, data recovery, legal) to the organization.
- IT has a limited budget to secure their digital assets from an increasingly more persistent and complex cyber threat. Data needs to be secured in multiple areas, across multiple mediums, but under budget restrictions causing jeopardizing security trade-offs.
Our Advice
Critical Insight
- Conventional asset security attempts to secure the data and information in a static, case by case method: secure data residency, then where it is processed, then on the end point and so on.
- To be truly effective and optimize your security spend, a life cycle approach must be adopted that secures the entire life of the digital asset.
- All assets need to be looked at together and across all touch points to create an asset security system dedicated to preventing data theft or leaks, while also focusing on doing the most with the least.
Impact and Result
- Create a holistic understanding of your organization's digital asset status and maturity level.
- Secure your organization's digital assets in an optimal way to achieve the greatest benefit within your constraints.
Workshop: Build an Optimal Digital Asset Security Services Plan
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Module 1: Asset Identification, Evaluation, and Critical Asset Lifecycle Analysis
The Purpose
- Comprehensively identify all digital assets within the organization and classify them based on enterprise value.
- Find out which need to be secured based on their value as determined by the enterprise.
- Classify the organizations digital value to realize what is most important to the sustainability and viability of the organization.
Key Benefits Achieved
- Identify all relevant assets to the organization.
- Arrive upon a final enterprise value of each asset based from a comprehensive evaluation.
- Realize the complete life cycle nature of digital assets through touch point identification and medium cross over.
Activities
Outputs
Identity your enterprise risk tolerance level
- Enterprise Risk Tolerance
Identify your digital assets
- Asset Identification
Evaluate the enterprise value of the data to the organization
- Asset Value Determination
- Value Determination Results
Swim lane analysis of critical assets
- Life cycle Analysis
Module 2: Current Security Assessment and Gap Prioritization
The Purpose
- Realize the benefit of data life cycle analysis.
- Understand actual movement of your digital assets.
- Document and identity life cycle movements of digital assets.
Key Benefits Achieved
- Analyze current asset security systems in place to gain hard understanding of how assets are currently secured.
- Identify the current requirements of asset security based on architectural, organizational, and security requirements.
- Prioritize gaps and solutions based on importance, achievability, and the enterprise determined risk tolerance level.
Activities
Outputs
Current Asset Security Analysis
- Current Assessment
Risk Tolerance Identification
Enterprise Requirements Understanding
Gap Identification
- Gap ID and Prioritization
Gap Prioritization
Module 3: Asset Security Optimization Plan
The Purpose
- Evaluate your current digital asset security measures to understand your current capability and maturity levels.
- Determine your starting point of asset security effectiveness.
- Identity your security gaps.
- Prioritize your security gaps.
Key Benefits Achieved
- Create an action plan that secures the organization's digital assets, meets the organizations requirements, aligns with its priorities, and increases its dollar spend effectiveness.
- Effectively implement each security system ensuring high end-user acceptance and senior management buy-in.
Activities
Outputs
Encryption Implementation
- Optimization Plan
DLP Implementation
Endpoint Security
End-User Education
Web Application Firewall, Application Penetration Testing and Cove Verification Implementation
Module 4: Asset Security Governance Plan
The Purpose
- Develop an asset security action plan to effectively meet your asset security requirements.
- Develop and establish asset security requirements for implementation and completion.
- Ensure sustainable asset security.
Key Benefits Achieved
- Creation of a governance plan to ensure sustainable asset security through effective maintenance and revision.
- Keep up to date with new asset threats.
- Determine when to review and when to revise.
- Measure success continually.
Activities
Outputs
Asset Security Governance Plan Creation
- Asset Security Governance Policies
Device inventory process
- Device Inventory Process
Threat intelligence sharing program
- Ownership and Responsibility Allocation
Ownership and responsibility allocation
- Review or Revision Trigger
Review and revision process creation
- Threat Intelligence Program