Over deze norm
1.1 This practice describes a methodology for assessing and quantifying the impact of the loss of mobile data storage devices (MDSDs), for example, thumb drives, auxiliary hard drives, and other property containing personally identifiable information or other entity sensitive information.
1.2 This practice is based on two concepts:
1.2.1 Identifying the MDSDs that pose the greatest risk to the organization based on both the information that is stored on them and the location in which they are used, and
1.2.2 Determining the impact of the potential loss of specific MDSDs. In general, this impact assessment is best practiced as a part of a larger risk management process. While this practice does not address this larger topic, it may inform other risk management standards.
1.3 This practice is intended to be applicable and appropriate for all asset-holding entities.
1.4 In accordance with the provisions of Practice E 2279
1.5 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety and health practices and determine the applicability of regulatory limitations prior to use.
|Engelse titel||Standard Practice for Assessment of Impact of Mobile Data Storage Device (MDSD) Loss|