Compromised Assets

This section describes the information assets that were compromised during the incident. “Compromised” refers to any loss of confidentiality/possession, integrity/authenticity, or availability/utility (the primary security attributes). Naturally, an incident can involve multiple assets and affect multiple attributes of those assets.

Variety

Question Text: What varieties (and number) of assets were compromised during this incident?

User notes: N/A

Question type: enumerated list (multi-select) for variety and text field for amount

Variable name: asset.variety (comprised of the name (string) and amount (integer) variables)

Purpose: The specific variety involved is essential to adequately describing the incident, assessing control weaknesses/vulnerabilities, determining impact, and identifying mitigation strategies.

Developer notes: The list of asset varieties is quite long. You may wish to organize them into categories (e.g., “Servers”) to aid users. The categories themselves should not be selectable.

Miscellaneous: The list is not exhaustive. It includes assets commonly used in a typical organization along with a few specialized types that, while not common, are well-known in certain applications (e.g., SCADA).
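The sketch below is an added example, not part of the original specification: it validates an asset.variety answer (name as string, amount as integer) and rejects category headings, following the developer note that categories should not be selectable. The catalogue entries, function names, list-of-objects layout, and the rules that amounts are non-negative and each variety appears once are assumptions made for illustration.

```python
# Constructed catalogue: category heading -> selectable varieties.
# Placeholder names for illustration, not the official enumeration.
CATALOGUE = {
    "Servers": ["Web server", "Database server"],
    "User devices": ["Laptop", "Mobile phone"],
    "Specialized": ["SCADA system"],
}


def validate_asset_variety(entries, catalogue=CATALOGUE):
    """Return a list of problems found in asset.variety; empty means valid."""
    allowed = {v for group in catalogue.values() for v in group}
    errors, seen = [], set()
    if not isinstance(entries, list):
        return ["asset.variety must be a list (multi-select)"]
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict):
            errors.append(f"entry {i}: expected an object with name and amount")
            continue
        name, amount = entry.get("name"), entry.get("amount")
        if not isinstance(name, str):
            errors.append(f"entry {i}: name must be a string")
        elif name in catalogue and name not in allowed:
            errors.append(f"entry {i}: '{name}' is a category heading, not selectable")
        elif name not in allowed:
            errors.append(f"entry {i}: unknown variety '{name}'")
        elif name in seen:
            errors.append(f"entry {i}: '{name}' listed twice; combine the amounts")
        else:
            seen.add(name)
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(amount, bool) or not isinstance(amount, int):
            errors.append(f"entry {i}: amount must be an integer")
        elif amount < 0:
            errors.append(f"entry {i}: amount cannot be negative")
    return errors


def total_assets(entries):
    """Sum the amount of every entry in a validated asset.variety list."""
    return sum(entry["amount"] for entry in entries)


# Constructed sample records.
GOOD = [{"name": "Web server", "amount": 2}, {"name": "Laptop", "amount": 15}]
BAD = [{"name": "Servers", "amount": 1}, {"name": "Laptop", "amount": "3"}]

if __name__ == "__main__":
    print(validate_asset_variety(GOOD), total_assets(GOOD))
    for problem in validate_asset_variety(BAD):
        print(problem)
```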

Ownership

Question Text: Who owns the asset(s) affected by this incident?

User notes: N/A

Question type: enumerated list (multi-select)

Variable name: asset.ownership (string)

Purpose: Especially interesting of late due to trends like BYOD (Bring Your Own Device).

Developer notes: N/A

Miscellaneous: More than one can be chosen because the answer may be different for each asset involved.

Management

Question Text: Who manages (or administers) the asset(s) affected by this incident?

User notes: N/A

Question type: enumerated list (multi-select)

Variable name: asset.management (string)

Purpose: Trends over time can inform risk assessment and sourcing decisions.

Developer notes: N/A

Miscellaneous: More than one can be chosen because the answer may be different for each asset involved.

Hosting

Question Text: Who hosts (or stores) the asset(s) affected by this incident?

User notes: N/A

Question type: enumerated list (multi-select)

Variable name: asset.hosting (string)

Purpose: Trends over time can inform risk assessment and sourcing decisions.

Developer notes: N/A

Miscellaneous: More than one can be chosen because the answer may be different for each asset involved.

Accessibility

Question Text: What is the network accessibility of the asset(s) affected by this incident?

User notes: N/A

Question type: enumerated list (multi-select)

Variable name: asset.hosting (string)

Purpose: Trends over time can inform risk assessment and deployment/zoning decisions.

Developer notes: N/A

Miscellaneous: More than one can be chosen because the answer may be different for each asset involved.

Cloud

Question Text: If hosted “in the cloud,” was this a contributing factor to the incident?

User notes: N/A

Question type: enumerated list (multi-select)

Variable name: asset.hosting (string)

Purpose: Trends over time can inform risk assessment and deployment/zoning decisions.

Developer notes: N/A

Miscellaneous: N/A

Notes

Question Text: Enter any additional details you deem noteworthy about assets involved in this incident.

User notes: N/A

Question type: text field

Variable name: asset.notes (string)

Purpose: Catch-alls are handy.

Developer notes: N/A

Miscellaneous: N/A