Now it’s time to figure out where you will measure your information risks. Talk this decision over with your key stakeholders, such as:
- Your boss
- The business owner of the high-value information assets you’re protecting
- The other people you will report the results to
- Anyone else you will request support and resources from to manage the risks you find
After you’ve spoken with all your stakeholders, set the scope of your measurements. Do you want to produce summary scores for:
- The entire organization?
- Or, just for certain regions or offices?
- Or, for a particular line of business?
- Or, just a particular information asset, regardless of location?
It’s OK for your scope to be a mix of these choices. Just make sure it’s clear.
Once you understand the logical, organizational and geographical boundaries, figure out who is responsible for performing the controls you want to measure.
Your first step is to work out which controls are centralized. The answer is determined by locating the people, processes, technologies, and management that perform the control for the entire organization. An example is the company IT networking team.
Next, work out which controls are distributed. Once again, the answer is determined by the location of the people, processes, technologies, and management that perform the control for a particular office or line of business. An example is the Noida office desktop support team. This isn’t the same as a support team that operates from Noida but serves the entire organization.
Or is it a hybrid scenario, where more than one group is involved? An example is when a manager in a remote office approves the creation of a new user account, but the account is actually created by a centralized team in a different part of the organization. If so, list the teams by name.
It’s okay to ask more than one person to measure the control. In fact, having multiple measurements for the same control can give you deeper insights, as we’ll discuss in a Part-2 post.
Whenever you get more than one score for a control, simply calculate the mean, or simple average, of all the scores you collected for that control.