Sample – Asset Collection Worksheet Considerations

August 17, 2013

Considerations:

What are your important assets?

  • SAP
  • ERP
  • CRM
  • BizTalk
  • Financial Applications
  • Ultimus Applications
  • Payroll (included in financial systems)
  • Inventory (included in financial systems)
  • SQL databases
  • Quickbase databases (Internet services)
  • Great Plains databases
  • Kronos databases
  • Call Center Software
  • Remedy (Ticketing System)
  • Heat (Ticketing System)
  • Internet Websites
  • Intranet Websites
  • Country Offices
  • Exchange / E-mail (mobile access)
  • Building Security System
  • PBX Telephone Switch
  • Shared Drives
  • Department drives
  • Vendor Partners
  • Outside e-mail lists
  • MS Documents
  • Access databases
  • Business and Technology reports
  • Technology assets (hardware / software and licensing)
  • FTP sites
  • Media Assets
  • Scanned, Printed, and Faxed documents
  • Handwritten notes
  • Instant messaging
  • Voice messages

Are there any other assets that you are required to protect (e.g., by law or regulation)?

  • Customer data
  • SOX Information
  • PCI information
  • Employee Information
  • HIPAA
  • PII

What related assets are important?

  • ISP: AT&T, Qwest, VzB, Sprint, L3
  • Internet Service providers for field offices
  • Software vendors
  • Banking System
  • Back-up tapes

From the assets that you have identified, which are the most important?

What is your rationale for selecting these assets as important?

  • SAP
  • Financial Systems
  • Corporate website
  • SOX

The following are action items that are apart from the Protection Strategy and Mitigation Plan (not in priority order):

  • Sensitive data on the website
  • Single points of failure (Switches, SAN)
  • Firewalls, IDS and other countermeasure technologies
  • Data other than in SAN (Access DBs, Excel, paper, client PCs, department public drives)
  • Partner country independent activities
  • Social engineering
  • Printer in IP
  • Password policy and enforcement
  • Access rights
  • Application passwords (stored in clear)
  • NT 200x in shipping
  • Laptop firewalls, remote access
  • Hackers
  • Terrorists

www.bestitdocuments.com