Potrebujeme váš súhlas na využitie jednotlivých dát, aby sa vám okrem iného mohli ukazovať informácie týkajúce sa vašich záujmov. Súhlas udelíte kliknutím na tlačidlo „OK“.
Standard Practice for Assessment of Impact of Mobile Data Storage Device (MDSD) Loss (Withdrawn 2015)
Automaticky preložený názov:
Štandardná prax pre hodnotenie vplyvu mobilných dátových Storage Device ( MDSD ) Strata ( Withdrawn 2015 )
NORMA vydaná dňa 1.2.2009
Označenie normy: ASTM E2674-09
Poznámka: NEPLATNÁ
Dátum vydania normy: 1.2.2009
Kód tovaru: NS-45852
Počet strán: 4
Približná hmotnosť: 12 g (0.03 libier)
Krajina: Americká technická norma
Kategória: Technické normy ASTM
Keywords:
ECC, ECL, equipment control class, equipment control level, information security, information system, information type, personally identifiable information, PII, PLL, property, risk, MDSD, mobile data storage device, tangible asset, ICS Number Code 35.220.99 (Other data storage devices)
Significance and Use | ||||||||||||
This practice establishes a standard impact assessment methodology to enable entities to uniformly ascertain and communicate impact levels associated with the potential loss of MDSDs. This practice is not intended to prescribe specific information security policies for entities or organizations. This practice assumes that individuals and entities are following all relevant information security policies as required by federal or state law, the terms of applicable government contracts, specific agency policies such as the National Industrial Security Program Operating Manual (NISPOM), and entity-specific policies. This practice assumes, but does not require, that entities have devised and are maintaining a system of internal controls over MDSDs in accordance with the section on Management of Property of Practice E 2279. This practice assumes, but does not require, that the results of this impact assessment will inform future actions and help entities determine cost-effective property control measures for MDSDs commensurate with the potential consequences of their loss in accordance with the section on Management of Property of Practice E 2279. This practice encourages an inclusive understanding and communication of the risk associated with MDSDs and, by assigning a rating to the impact of loss, enables comparisons on this basis to other MDSDs rated using the same practice. This practice is intended to foster and enable additional standard practices related to or based on these terms and concepts. |
||||||||||||
1. Scope | ||||||||||||
1.1 This practice describes a methodology for assessing and quantifying the impact of the loss of mobile data storage devices (MDSDs), for example, thumb drives, auxiliary hard drives, and other property containing personally identifiable information or other entity sensitive information. 1.2 This practice is based on two concepts: 1.2.1 Identifying the MDSDs that pose the greatest risk to the organization based on both the information that is stored on them and the location in which they are used, and 1.2.2 Determining the impact of the potential loss of specific MDSDs. In general, this impact assessment is best practiced as a part of a larger risk management process. While this practice does not address this larger topic, it may inform other risk management standards. 1.3 This practice is intended to be applicable and appropriate for all asset-holding entities. 1.4 In accordance with the provisions of Practice E 2279, this practice clarifies and enables effective and efficient control and tracking of equipment. 1.5 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety and health practices and determine the applicability of regulatory limitations prior to use. |
||||||||||||
2. Referenced Documents | ||||||||||||
|
Posledná aktualizácia: 2024-11-03 (Počet položiek: 2 209 203)
© Copyright 2024 NORMSERVIS s.r.o.