Background scenario: overseeing the designing of asset security for a private company that contracts work to the United States federal government. You deal with global entities that have locations in Europe and South America. Your organization has been the target of mysterious attacks on their networks, social engineering attempts made on their employees, and there is a general sense that there is an ongoing attempt to monitor your networks and data transmissions. Your assets include the following: domain controllers, e-mail servers, file shares, gateway network, development environment, department file shares, workstations, laptops, mobile phones, printers, desk phones, PHI data, HIPAA data, FINRA data, and FISMA/FIPS data.
Instructions:
This document is to formulate a plan and respond to the following:
• List what the plans are to identify and classify information assets?
• Once those information assets are identified and classified, who owns each of them? Create a list of formal assignment of ownership.
• Will you employ the use of Information Technology Asset Management and if so, on which assets and how?
• How to handle change management?
• How to handle configuration management?
• How to handle software asset management?
• How to protect privacy?