Back to Security Pattern Catalog
: Security Pattern Space
The appropriate security plan is identified by assessing the security needs of the assets.
How can realistic enterprise security needs be explicitly identified?
Make a list of the business assets. Classify them and identify the types of protection needed.
This activity is typically performed by an enterprise architect or strategic planner.
1. Identification of Business Assets of the Enterprise
2. Identification of Business Drivers that influence security protection needs of assets.
3. Determination of relationship between Assets and Business Drivers.
4. Identification of Security Needs.
5. Creation of Security Association between Assets and Security Needs.
NIST 800-30 uses a 3x3 matrix for risk determinations.
Security Needs Identification for Enterprise Assets
Last modified: May 05, 2012
and Maintained by: Munawar Hafiz