This data centric exercise is intended for individuals who want to gain a better understanding of their information assets and run through a structured brainstorming guide for a Data Loss Prevention (DLP) plan in efforts to protect their data.
Ideal for those looking to gain greater situational awareness on their personal information assets.
Part A: Understand what information assets exist.
Part B: Categorize the information assets identified in part A into Low, Medium and High.
Part C: Identify where the information assets are located. [Mirrors & backups included]
Part D: Considering the sensitivity classification identified in Part B and the location of the information assets identified in Part C, create a Data Loss Prevention (DLP) plan for when the information assets are at rest, in motion, in use, or when they disposed of.
1. Inventory of Digital Information Assets and Corresponding Data Loss Prevention Plan
@LKCYBER | 2015
This data centric exercise is intended for individuals who want to gain a better understanding of their information assets
and run through a structured brainstorming guide for a Data Loss Prevention (DLP) plan in efforts to protect their data.
Part A: Understand what information assets exist.
Information Assets
List information assets in each box. Ex: Calendar, photos, videos, emails, banking documents, tax files etc…
1 (ex: Family Videos) 21
2 22
3 23
4 24
5 25
6 26
7 27
8 28
9 29
10 30
11 31
12 32
13 33
14 34
15 35
16 36
17 37
18 38
19 39
20 40
Feel free to copy, distribute and amend.
2. Inventory of Digital Information Assets and Corresponding Data Loss Prevention Plan
@LKCYBER | 2015
Part B: Categorize the information assets identified in part A into Low, Medium and High.
Classification of
Sensitivity Level
Description
High Information assets classified as high include, but are not limited to, information that
can cause significant harm to physical security, financial security and/or ability to
carry on with necessary operations.
Medium Information assets classified as medium include, but are not limited to, information
that can cause moderate harm to physical security, financial security and/or ability to
carry on with necessary operations.
Low Information assets classified as low include, but are not limited to, information that
can cause limited or no harm to physical security, financial security and/or ability to
carry on with necessary operations.
Classify the sensitivity level of each information asset identified in Part A.
1 (ex: High) 21
2 22
3 23
4 24
5 25
6 26
7 27
8 28
9 29
10 30
11 31
12 32
13 33
14 34
15 35
16 36
17 37
18 38
19 39
20 40
Feel free to copy, distribute and amend.
3. Inventory of Digital Information Assets and Corresponding Data Loss Prevention Plan
@LKCYBER | 2015
Part C: Identify where the information assets are located. [Mirrors & backups included]
Ex: Desktop, Laptop, Mobile, Cloud, External Drives etc…
Information
Asset
(From Part A)
Classification
(From Part B)
Location
(Including backups & the cloud)
Information
Asset
(From Part A)
Classification
(From Part B)
Location
(Including backups & the cloud)
1 21
2 22
3 23
4 24
5 25
6 26
7 27
8 28
9 29
10 30
11 31
12 32
13 33
14 34
15 35
16 36
17 37
18 38
19 39
20 40
Feel free to copy, distribute and amend.
4. Inventory of Digital Information Assets and Corresponding Data Loss Prevention Plan
@LKCYBER | 2015
Part D: Considering the sensitivity classification identified in Part B and the location of the information assets identified in Part C, create a Data Loss
Prevention (DLP) plan for when the information assets are at rest, in motion, in use, or when they disposed of.
Data at Rest Stored data that is not being transmitted or acted on. Ex: Backup drives, databases etc…
Data in Motion When data is being transmitted from one location to another. Ex: Email, cloud uploads etc…
Data in Use Data that is accessed by the end user on devices. Ex: Desktop, tablet, mobile, IOT etc…
Data Disposal Data that no longer needs to be stored. Ex: Discarded files, draft documents, etc…
Classification Measures for Data Protection
High
Data at Rest
Data in Motion
Data in Use
Data Disposal
Medium
Data at Rest
Data in Motion
Data in Use
Data Disposal
Feel free to copy, distribute and amend.
5. Inventory of Digital Information Assets and Corresponding Data Loss Prevention Plan
@LKCYBER | 2015
Low
Data at Rest
Data in Motion
Data in Use
Data Disposal
Notes:
Feel free to copy, distribute and amend.