ASTM_E_2674_-_09.pdf

Designation:E 2674 09Standard Practice forAssessment of Impact of Mobile Data Storage Device(MDSD)Loss1This standard is issued under the fixed designation E 2674;the number immediately following the designation indicates the year oforiginal adoption or,in the case of revision,the year of last revision.A number in parentheses indicates the year of last reapproval.Asuperscript epsilon()indicates an editorial change since the last revision or reapproval.1.Scope1.1 This practice describes a methodology for assessing andquantifying the impact of the loss of mobile data storagedevices(MDSDs),for example,thumb drives,auxiliary harddrives,and other property containing personally identifiableinformation or other entity sensitive information.1.2 This practice is based on two concepts:1.2.1 Identifying the MDSDs that pose the greatest risk tothe organization based on both the information that is stored onthem and the location in which they are used,and1.2.2 Determining the impact of the potential loss of spe-cific MDSDs.In general,this impact assessment is bestpracticed as a part of a larger risk management process.Whilethis practice does not address this larger topic,it may informother risk management standards.1.3 This practice is intended to be applicable and appropri-ate for all asset-holding entities.1.4 In accordance with the provisions of Practice E 2279,this practice clarifies and enables effective and efficient controland tracking of equipment.1.5 This standard does not purport to address all of thesafety concerns,if any,associated with its use.It is theresponsibility of the user of this standard to establish appro-priate safety and health practices and determine the applica-bility of regulatory limitations prior to use.2.Referenced Documents2.1 ASTM Standards:2E 2135 Terminology for Property and Asset ManagementE 2279 Practice for Establishing the Guiding Principles ofProperty ManagementE 2452 Practice for Equipment Management Process Matu-rity(EMPM)ModelE 2495 Practice for Prioritizing Asset Resources in Acqui-sition,Utilization,and DispositionE 2499 Practice for Classification of Equipment PhysicalLocation InformationE 2608 Practice for Equipment Control Matrix(ECM)3.Terminology3.1 DefinitionsFor definitions relating to property andasset management,refer to Terminology E 2135.3.1.1 compliance impact,nconsequence of loss of controlcharacterized by negative compliance with applicable laws,regulations,or other relevant internal or external guidance thatdoes not rise to the level of an operational impact.(E 2608)3.1.2 consequence,nthe effect of actions(something thatlogically or naturally follows from an action or condition).3.1.3 equipment control classes(ECCs),nclassificationsor groupings of equipment based on the consequences of theloss of control of the equipment.(E 2608)3.1.4 operational impact,nconsequence of loss of controlcharacterized by negative operational impact that does not riseto the level of a personal or societal safety or security impact.(E 2608)3.1.5 organizational impact,nobjects that affect or influ-ence the capability of an entity,especially in a significant orundesirable manner.3.1.6 personalsafety/securityconsequence,nconsequence of loss of control characterized by negativepersonal safety or security impact that does not rise to the levelof a societal safety or security impact.(E 2608)3.1.7 probability,nor chance that something is the case orwill happen.3.1.8 risk,nconcept that denotes a potential negativeimpact.3.1.9 risk assessment,ndetermination of the quantitativeor qualitative value of risk related to a concrete situation and arecognized threat.3.1.9.1 DiscussionIt is considered as the initial and arecurring step in a risk management process.1This practice is under the jurisdiction of ASTM Committee E53 on PropertyManagement Systems and is the direct responsibility of Subcommittee E53.02 onData Management.Current edition approved Feb.1,2009.Published February 2009.2For referenced ASTM standards,visit the ASTM website,www.astm.org,orcontact ASTM Customer Service at serviceastm.org.For Annual Book of ASTMStandards volume information,refer to the standards Document Summary page onthe ASTM website.1Copyright ASTM International,100 Barr Harbor Drive,PO Box C700,West Conshohocken,PA 19428-2959,United States.Copyright ASTM International Provided by IHS under license with ASTM Licensee=Ohio State University/5967164005 Not for Resale,03/10/2012 21:49:14 MSTNo reproduction or networking permitted without license from IHS-,-,-3.1.10 risk management,nstructured approach to manag-ing uncertainty through risk assessment,developing strategiesto manage it,and mitigation of risk using managerial resources.3.1.10.1 DiscussionThe strategies include transferring therisk to another party,avoiding the risk,reducing the negativeeffect of the risk,and accepting some or all of the conse-quences of a particular risk.3.1.11 societalsafety/securityconsequence,nconsequence of loss of control characterized by n