In the private and public sectors, owners of services and/or assets are responsible for the protection of items or infrastructures used to deliver goods and services. For each of the following assets, identify the sector or sectors and the responsibilities of each sector as it relates to each hypothetical asset. Additionally, for each of the following assets, assign an owner, explain his or her responsibilities, and identify IT threats with regard to protecting the asset.

the state in which you live, the city in which you live, the house in which you live, the car you drive, and the computer you use.

Answer:

Asset Security Policy:

• The main aim of such security policies is to safeguard and protect the assets in an organization or residence.
• Any organization can have a variety of assets that should be protected at any cost. 
• Assets add to the value of an organization.

Assets to be protected (Hypothetical 'as mentioned in the question'):

• Computer
• Networks
• House
• Financial records
• Employees
• Sensitive data

Computer:

Owner:  

The owner can be the public or private sector. As many individuals own their personal computers. And many government offices have computer systems. 

Responsibilities:

Some of the responsibilities of the owner of a computer are:

• To keep the system updated
• To install anti-malware software
• Backing up the data

IT threats:

Some possible IT threats are as follows:

• Social Engineering attacks
• Virus and other malicious codes 
• Server attack, such as SQL injection

Financial records:

Owner:  

The owner of this information can be the public or private sector. Many private financial companies use this information. Some public banks also use this data.

Responsibilities:

Some of the responsibilities are as follows:

• Data protection
• Removing redundancy
• Securing servers
• Performing audits

House:

Owner:  

The owner of this information can be the private sector. 

Responsibilities:

Some of the responsibilities are as follows:

• Keep the systems updated
• Maintenance of all automated systems
• Keeping computer systems away from any unknown outside networks.

IT threats:

Some IT threats are as follows:

• Malfunctioning of IoT technologies in house
• Hacking of automatic systems
• Malicious software/code

Networks:

Owner:  

The owner can be the public or private sector. As many individuals own their personal wi-fi networks. And many public sectors provide these services as well. 

Responsibilities:

Some of the responsibilities are as follows:

• Secure gateways
• Firewalls installation
• Proper network monitoring 

IT threats:

Some IT threats are as follows:

• Attacks such as DOS, Inbound connection.
• Leakage of information via different hacking techniques.

Employees:

Owner:  

The owner can be the public or private sector. As many employees are hired by private as well as public sectors.

Responsibilities:

• To provide equal opportunities to all the employees.
• Good environment
• Follow all IT policies and guidelines for safety.

IT threats:

• Technological compatibility
• Possibilities of Attack on PDAs
• Danger to office devices while working under BYOD policy
• Week credentials 

Sensitive Data:

Owner:  

The owner can be the public or private sector. Many public and private sectors use the personal information of consumers for their processes.

Responsibilities:

Some of the responsibilities are as follows:

• Information security policies
• Encryption techniques
• Server security

IT threats:

Some IT threats are as follows:

• Leakage of information
• Server attacks

State and city:

States and cities come under Government bodies. The main role of the government here is to protect the state and cities from any type of cyberattacks. The neighboring states or cities may try to hack sensitive information. 

Responsibilities: 

• Implementation of law and policies related to security
• Adopting encryption techniques

IT threats:

• Hacking of information
• Leakage of information related to national security

Asset protection policy:

Many assets are common to both the public and private sectors. Implementing these policies in a proper way can help in reducing the possible litigation risks in the organization. 

The policies are intended to protect and maintain the reputation of the organization by preserving confidentiality. Both these sectors should protect the assets against the following threats: 

IT Threats:

Identification: Risk management helps in reducing the facilities and exposure planning for business continuity and disaster recovery. When the identification of the risk is done and according to that the mitigation action is taken then the business continuity plan focuses on the attacks or threats that are out of control.

Some common IT threats are as follows:

SQL Injections: 

• SQL injections are generally intended to get access to server data and other sensitive information. 
• The attacker may take advantage of any vulnerabilities in the server.

Loss of data:

• Data stored on the server shall remain secure. 
• The company whether it be public or private can face huge challenges. 
• The attacker can misuse the information in any possible way.

Network threats:

Some of the vulnerabilities in the network connections might give rise to attacks such as DOS or MITM. These vulnerabilities must be addressed by the user to avoid such attacks. 

DOS: The attack takes place by overloading the networks or systems with a number of login attempts, repetitive tasks, or data requests. Network or system infected with malware is common for DDoS and DoS attacks. 

Malware:

• It is malicious software. 
• There are many different types of malware available.
• A malware can encrypt the server or all the files of the computer. 
• It can be spread easily through the network. 
• It can attack through mails which affects the system to use

Social engineering attacks:

• It can be referred to as a technique using which one can have access to the private information of individuals by exploiting errors.  
• These are human hacking techniques.

Some common types of attacks are as follows:

• Phishing.
• Pre-texting.
• Baiting.
• Tailgating. 

Responsibilities that should be taken by both sectors: 

Personnel Responsible:

• The Chief Information Officer and the Chief Technology Officer will frame the policies. 
• The IT team can help in executing the Virtual security policies. 
• The team members also play an important role in implementing these policies.
• Some individuals are also responsible for protecting their personal assets. 

Required training: 

• The IT department should be trained to perform risk analysis in a proper way. 
• The team members should be made aware of possible risks and issues and the ways of handling them.
• These sectors can also hire technicians for providing security to the assets. 
• Technical training can be provided for better implementation of the policies. 
• Individuals owning personal assets must take possible care of them. 

Network Administrator in public/private sectors:

• Configuring networks
• Troubleshooting
• Upgrading network's configuration 
• Deploying firewalls

Security Manager in public/private sectors:

• Making plans for better security.
• Prioritizing the assets
• Creating security policies. 

References:

Ganti, A. (2021, May 24). Asset Management Definition. Investopedia. https://www.investopedia.com/terms/a/assetmanagement.asp#:~:text=Asset%20management%20is%20the%20direction,available%20to%20the%20average%20investor. 

Risk Management, Business Continuity & Disaster Recovery - C2. (2021). Retrieved 04 June 2021, from https://continuity2.com/business-continuity-blog/what-are-the-relationships-between-risk-management-business-continuity-and-disaster-recovery