2020-01 Mobile device lost

Risk

AssetConfidential information stored on mobile devices
ThreatA laptop, tablet or phone is lost and confidential information (source code, e-mail, customer details) gets into wrong hands.
Category

CONFIDENTIALITY

LikelihoodH
ImpactM
ExposureH
OwnerManagement


Treatment

TreatmentMITIGATE
MeasuresImplement A.6.2.1 Mobile device policyA.10.1.1 Policy on the use of cryptographic controls
Residual riskL
ResponsibleMaurice Pasman


The exposure is expressed as a factor of the likelihood and impact.
Likelihood
/ Impact
HighMediumLow
High

H

H

M

Medium

H

M

L

Low

M

L

L

 Definitions of likelihood and impact...

Likelihood

LikelihoodDescriptionFrequency
Low
  • It is not likely to materialize
  • It has never happened to organizations similar to ours
Less than once per year
Medium
  • It is likely to materialize
  • It has happened to organizations similar to ours
Once or twice per year
High
  • It is very likely to materialize
  • It has happened to our organization before
Multiple times per year

Impact

Impact

Description

FinancialImageLegal
Low
  • Some data or information is not accurate or available
  • Small amounts of non-sensitive personal data leaked
  • Small damage or consequences
<10% of the net result/budget

Incidental (local) media attention

Possible claims

Medium
  • Most data or information is not accurate or available
  • Large amounts of non-sensitive personal data leaked
  • Considerable damage or consequences
10-30% of the net result/budget

Incidental nationwide media attention or frequent local media attention

Lawsuit, multiple claims

High
  • Most or all data or information is not accurate or available
  • Large amounts of sensitive personal data leaked
  • Large damage or consequences for the continuity of the organization
>30% of the net result/budget

Frequent nationwide media attention

Lawsuits