adammontville
commented
5 years ago Inputs:
- SI: Software Inventory
- EI: Endpoint inventory
- DI: Sensitive data inventory
Operations:
- Using the sensitive data inventory, enumerate all endpoints storing, processing, or transmitting sensitive information.
- Enumerate all sensitive information active monitoring tools from the software inventory
- For each identified active monitoring tool:
- Enumerate the endpoints covered by the system
- Examine its configuration to ensure that the system is configured to:
- Monitor for sensitive information (noting appropriately and inappropriately configured systems along the way)
- Enumerate endpoints covered by all sensitive information active monitoring systems
- Complement the set of covered endpoints with the list of identified endpoints to identify all uncovered endpoints
Assumptions:
- Sensitive information monitoring systems are primarily software-based
Measures:
- M1 = List of endpoints storing, processing, or transmitting sensitive information
- M2 = List of sensitive information monitoring tools
- M3 = List of monitoring tools appropriately configured
- M4 = List of monitoring tools inappropriately configured
- M5 = List of endpoints covered by at least one monitoring tool
- M6 = List of endpoints not covered by at least one monitoring tool
- M7 = |M1|
- M8 = |M2|
- M9 = |M3|
- M10 = |M4|
- M11 = |M5|
- M12 = |M6|
Metrics:
- M9 / M8 = Ratio of appropriately configured active sensitive information monitoring tools to the total number of active sensitive information monitoring tools
- M11 / M7 = Ratio of covered endpoints to the total number of endpoints storing, processing, or transmitting sensitive information
Utilize an active discovery tool to identify all sensitive information stored, processed, or transmitted by the organization's technology systems, including those located onsite or at a remote service provider and update the organization's sensitive information inventory.
Measures
Metrics