SecureByDesign-Playbook

The Space in Cyberspace

To be developed

What is your ‘space’?

Areas of Responsibility: Locations and routes that you control (like your laptop) which you are responsible for managing.

Areas of Interest: Locations and routes that you don’t control but can affect you such as the internet, or guest devices that connect to your network, or partner networks.

Areas of Content Responsibility: Locations and routes that you don’t control, but that your assets are located in, such as your bank or cloud services.

Levels of Detail

Individual devices vs physical locations (eg ‘office’, ‘home’)

Stores and Connections

Map out the space - the computer networks - where your assets are located and moved through. Include:

• Storage and processing points: phones, laptops, computers, USB sticks, SD cards. What assets are held on these?
• Links between them: how are your assets moved between devices? This should include how users get to access the assets on those devices; how is the information moved from device to user?
• can be a very high level diagram to start with; don’t worry about all the various detailed technical links.

Include physical as well as virtual computer network locations

For data assets this will be your computer networks, where the data is ‘at rest’ or ‘on the move’

Existing Controls

What defences are already in place on each route to prevent unauthorised access?

Automatic Tools

Tools to explore, monitor and alert

---

Back to Playbook ● Office Example ● Next: Threats ● Starter Network Register

This site is open source. Improve this page.