Using the previous seven steps, we’ve determined that the probability of a loss event in our scenario is Low (somewhere between 0.1 and 1 times per year). Now we need to analyze the loss if an event does occur.

As mentioned earlier, the username and password credentials inherit the value and liability associated with the resources they provide access to. For an HR executive, we can reasonably expect these credentials to provide access to HR organizational information (org charts, etc.), as well as employee personal and employment information (performance data, health and medical data, address, SSN, salary, etc.). In some organizations, depending upon where the HR executive sits in the corporate hierarchy, he/she might also have access to corporate strategy data. For our scenario, we’ll assume that this executive does not have access to key sensitive corporate strategies.

Next: Estimate worst-case loss
