Assets - knowing where your stuff is at
This is the Tower of London. I was recently passing and took a snap, but pondered "why is it surrounded by so much security?"...
Well, presumably because it contains the "crown jewels", somebody has assessed the risks and put in the appropriate controls to try and stop something bad happening.
Too often I hear and read about controls: buying this and that to stop this and that. But not much time is spent on the thing you are trying to protect, the asset: where that asset is, who can (or needs to) access it, why you need it, how long you need to keep it, and whether it moves around.
I suspect with the new General Data Protection Regulation (GDPR) you are going to be forced to answer these questions, even if you are not in the European Union (EU).
The case for the Tower of London is relatively simple as it involves a physical asset, but when you are considering electronic information it is less simple to just know where it is. Consider one email with a CV in it.
The story of the lonely CV
"Have you got the CV for that new applicant?" barks Tim.
"Yes, I will send you a link to the recruitment system" replies Sam.
"I don't have my work laptop, send it to my home Gmail account and I can quickly look on my iPad" replies Tim.
Meanwhile in the compliance office...
"We completed the review of personal data, and I can confirm it is all contained in our recruitment system" states Pamela.
Oh...
Next time you are considering controls, have a think about where the asset (information) is. Give it a go and let me know how you get on.
Keep well.
Adam

Good point - people often spend a lot of time thinking about what is or might be attacking them and how to defend against it - but not much point in having 50-foot-high walls if the thing you are trying to protect can be moved outside of them!