[ISM3 Users] Tuesday Insight: Environments
Vicente Aceituno
vac at zenobia.es
Tue Jul 10 11:09:33 CEST 2007
Renato, Gary,
Yes, different activities require different modelling depth. The
question I try to clarify is "What is the adequate depth for Security
Management?"
>cable itself is not an "asset", but a network cable connecting
critical network components is
>clearly an "asset" when we must ensure network availability, as we
can identify threads
>against that goal (interferences, unsafe environment, etc).
If you mean individual components are an appropiate modelling level
for information systems, I disagree.
Security Management is about establishing processes, in this
particular case you could create a OSP-26 Enhanced Reliability and
Availability Management process, which would take care of single
points of failure like the one you mention.
For a manager (tactical level), you don't want to know *this
particular* cable is critical. What you want to know is "In this
environment there are 20 single points of failure, down from 25 last
quarter"
For risk assessment, individual physical assets are clearly out of the
question. Too much detail.
Vicente
More information about the Users
mailing list