Identification and visualization of information assets provides overview and understanding
To classify your information including the GDPR requirements and build one common register provides a strong foundation for subsequent risk assessment and risk protection and management to protect these assets.
To accomplish this, you need to know where the information, and specifically your personal identifiable information (PII) resides. With these information assets identified you are able to assess vulnerabilities, threats and potential consequences as a basis for decisions upon protective measures and for implementing an efficient risk protection. With these steps, supported by ISO/IEC 27001, we have developed an effective methodology to help you implement this process. The classification process can be done in many ways and our tool – Veriscan vIC – will provide a support for this. It will ensure that the information asset register you build includes not only information but also information handling assets such as business systems, applications, databases, IT services, cloud services and infrastructure.
To be able to visualize and dynamically produce reports from the information asset registry, using Veriscan vIC, will give you the quick and simple overview that information owners, object owners, risk owners, CISO and various management levels require.
In this example you will see how one specific Personal Identifiable Information (PII) asset is spread and present in several different IT systems/IT services that is being deployed by an organization.
The dark grey box represents a specific information type consisting of personal identifiable information (PII) within the CRS System. This PII will be present in the internal Data Center but the same PII will also be present in the marketing Campaign System operated and running as a Cloud Service.