ASTM E2674-2009 评估移动数据存储设备(MDSD)损失造成影响的标准实施规程
作者:标准资料网 时间:2024-05-15 11:25:59 浏览:9844
来源:标准资料网
下载地址: 点击此处下载
【英文标准名称】:StandardPracticeforAssessmentofImpactofMobileDataStorageDevice(MDSD)Loss
【原文标准名称】:评估移动数据存储设备(MDSD)损失造成影响的标准实施规程
【标准号】:ASTME2674-2009
【标准状态】:现行
【国别】:美国
【发布日期】:2009
【实施或试行日期】:
【发布单位】:美国材料与试验协会(US-ASTM)
【起草单位】:E53.02
【标准类型】:(Practice)
【标准水平】:()
【中文主题词】:
【英文主题词】:ECC;ECL;equipmentcontrolclass;equipmentcontrollevel;informationsecurity;informationsystem;informationtype;personallyidentifiableinformation;PII;PLL;property;risk;MDSD;mobiledatastoragedevice;tangibleasset
【摘要】:ThispracticeestablishesastandardimpactassessmentmethodologytoenableentitiestouniformlyascertainandcommunicateimpactlevelsassociatedwiththepotentiallossofMDSDs.Thispracticeisnotintendedtoprescribespecificinformationsecuritypoliciesforentitiesororganizations.Thispracticeassumesthatindividualsandentitiesarefollowingallrelevantinformationsecuritypoliciesasrequiredbyfederalorstatelaw,thetermsofapplicablegovernmentcontracts,specificagencypoliciessuchastheNationalIndustrialSecurityProgramOperatingManual(NISPOM),andentity-specificpolicies.Thispracticeassumes,butdoesnotrequire,thatentitieshavedevisedandaremaintainingasystemofinternalcontrolsoverMDSDsinaccordancewiththesectiononManagementofPropertyofPracticeE2279.Thispracticeassumes,butdoesnotrequire,thattheresultsofthisimpactassessmentwillinformfutureactionsandhelpentitiesdeterminecost-effectivepropertycontrolmeasuresforMDSDscommensuratewiththepotentialconsequencesoftheirlossinaccordancewiththesectiononManagementofPropertyofPracticeE2279.ThispracticeencouragesaninclusiveunderstandingandcommunicationoftheriskassociatedwithMDSDsand,byassigningaratingtotheimpactofloss,enablescomparisonsonthisbasistootherMDSDsratedusingthesamepractice.Thispracticeisintendedtofosterandenableadditionalstandardpracticesrelatedtoorbasedonthesetermsandconcepts.1.1Thispracticedescribesamethodologyforassessingandquantifyingtheimpactofthelossofmobiledatastoragedevices(MDSDs),forexample,thumbdrives,auxiliaryharddrives,andotherpropertycontainingpersonallyidentifiableinformationorotherentitysensitiveinformation.1.2Thispracticeisbasedontwoconcepts:1.2.1IdentifyingtheMDSDsthatposethegreatestrisktotheorganizationbasedonboththeinformationthatisstoredonthemandthelocationinwhichtheyareused,and1.2.2DeterminingtheimpactofthepotentiallossofspecificMDSDs.Ingeneral,thisimpactassessmentisbestpracticedasapartofalargerriskmanagementprocess.Whilethispracticedoesnotaddressthislargertopic,itmayinformotherriskmanagementstandards.1.3Thispracticeisintendedtobeapplicableandappropriateforallasset-holdingentities.1.4InaccordancewiththeprovisionsofPracticeE2279,thispracticeclarifiesandenableseffectiveandefficientcontrolandtrackingofequipment.1.5Thisstandarddoesnotpurporttoaddressallofthesafetyconcerns,ifany,associatedwithitsuse.Itistheresponsibilityoftheuserofthisstandardtoestablishappropriatesafetyandhealthpracticesanddeterminetheapplicabilityofregulatorylimitationspriortouse.
【中国标准分类号】:L64
【国际标准分类号】:35_220_99
【页数】:4P.;A4
【正文语种】:英语
【原文标准名称】:评估移动数据存储设备(MDSD)损失造成影响的标准实施规程
【标准号】:ASTME2674-2009
【标准状态】:现行
【国别】:美国
【发布日期】:2009
【实施或试行日期】:
【发布单位】:美国材料与试验协会(US-ASTM)
【起草单位】:E53.02
【标准类型】:(Practice)
【标准水平】:()
【中文主题词】:
【英文主题词】:ECC;ECL;equipmentcontrolclass;equipmentcontrollevel;informationsecurity;informationsystem;informationtype;personallyidentifiableinformation;PII;PLL;property;risk;MDSD;mobiledatastoragedevice;tangibleasset
【摘要】:ThispracticeestablishesastandardimpactassessmentmethodologytoenableentitiestouniformlyascertainandcommunicateimpactlevelsassociatedwiththepotentiallossofMDSDs.Thispracticeisnotintendedtoprescribespecificinformationsecuritypoliciesforentitiesororganizations.Thispracticeassumesthatindividualsandentitiesarefollowingallrelevantinformationsecuritypoliciesasrequiredbyfederalorstatelaw,thetermsofapplicablegovernmentcontracts,specificagencypoliciessuchastheNationalIndustrialSecurityProgramOperatingManual(NISPOM),andentity-specificpolicies.Thispracticeassumes,butdoesnotrequire,thatentitieshavedevisedandaremaintainingasystemofinternalcontrolsoverMDSDsinaccordancewiththesectiononManagementofPropertyofPracticeE2279.Thispracticeassumes,butdoesnotrequire,thattheresultsofthisimpactassessmentwillinformfutureactionsandhelpentitiesdeterminecost-effectivepropertycontrolmeasuresforMDSDscommensuratewiththepotentialconsequencesoftheirlossinaccordancewiththesectiononManagementofPropertyofPracticeE2279.ThispracticeencouragesaninclusiveunderstandingandcommunicationoftheriskassociatedwithMDSDsand,byassigningaratingtotheimpactofloss,enablescomparisonsonthisbasistootherMDSDsratedusingthesamepractice.Thispracticeisintendedtofosterandenableadditionalstandardpracticesrelatedtoorbasedonthesetermsandconcepts.1.1Thispracticedescribesamethodologyforassessingandquantifyingtheimpactofthelossofmobiledatastoragedevices(MDSDs),forexample,thumbdrives,auxiliaryharddrives,andotherpropertycontainingpersonallyidentifiableinformationorotherentitysensitiveinformation.1.2Thispracticeisbasedontwoconcepts:1.2.1IdentifyingtheMDSDsthatposethegreatestrisktotheorganizationbasedonboththeinformationthatisstoredonthemandthelocationinwhichtheyareused,and1.2.2DeterminingtheimpactofthepotentiallossofspecificMDSDs.Ingeneral,thisimpactassessmentisbestpracticedasapartofalargerriskmanagementprocess.Whilethispracticedoesnotaddressthislargertopic,itmayinformotherriskmanagementstandards.1.3Thispracticeisintendedtobeapplicableandappropriateforallasset-holdingentities.1.4InaccordancewiththeprovisionsofPracticeE2279,thispracticeclarifiesandenableseffectiveandefficientcontrolandtrackingofequipment.1.5Thisstandarddoesnotpurporttoaddressallofthesafetyconcerns,ifany,associatedwithitsuse.Itistheresponsibilityoftheuserofthisstandardtoestablishappropriatesafetyandhealthpracticesanddeterminetheapplicabilityofregulatorylimitationspriortouse.
【中国标准分类号】:L64
【国际标准分类号】:35_220_99
【页数】:4P.;A4
【正文语种】:英语
下载地址: 点击此处下载