Vital Steps In Cyber Security Analysis

There are many organizations working on a medium or small scale where it is difficult to prioritize sensitive areas of the systems for prioritizations and thus the company and its systems suffer from “Security Paralysis” which is often due to the limited resources or lack of budget. While the importance of system’s safety can’t be denied, it is therefore important to understand the basic areas of protection and stepwise follow them in order to keep it protected and secure.

Security Threat and Risk Assessment

  1. Identify Assets: The primary step is to collect and analysis the areas in which the organizations are dealing and out of those identify the assets that the company could be processing like the:
  • Payment card numbers
  • Human resource data
  • Patient’s records
  • Designs
  • Security numbers, etc.
  1. Location of Assets: Next identify the location where each of your assets may be present or kept like:
    • Servers
    • Workstations
    • Phones
    • Databases
    • Laptops
    • Portable or movable medias
    • PAD’s
  1. Classify and Prioritize Assets: Once you have sorted out your assets and their locations, it is wise to have a list ready, where you would have ranked all the relevant assets in the order of prioritization, so that the relevant security threat and risk assessment can be given and carried out onto the areas most needing it. And in case of breaches, the evaluation of damage has done can be easy. For example here is a 1-5 scale list:
    1. Public Information: for example the contact knowledge, the concluded monetary reports, etc.
    2. Internet – NON-Secret data: it includes the phone lists, charts, polices, office rules and regulations data, etc. 
    3. Sensitive information: it includes the planning, strategies, non-disclosure agreements terms, etc. 
    4. Internal information: these are the layoff plans, internal information, etc. 
    5. Regulated Data or information: It includes the data like ‘Patient’s information, classified data or information etc.
  1. Modeling Exercise: in order to cover the security threats and risk assessment use the all-time famous “STRIDE-methods” of Microsoft.

Spoofing of the Identity

Tampering with the Data

Repudiation of the Transactions

Information Disclosure

Denial of the Services

Elevation of the Privileges

  1. Finalization and Planning: It is the last and final step once you have carried out all the above-mentioned steps. So that a cost effective safety method can be implemented.