The MOST Important Cybersecurity Principle

Asset management is most commonly associated with cybersecurity hygiene: patching, anti-virus, access control, and other asset-specific protections. However, I want to bring three NIST CSF sub-categories to your attention, along with how they align with a mission-based cybersecurity risk program.

ID.AM-1: Physical devices and systems within the organization are inventoried.
ID.AM-2: Software platforms and applications within the organization are inventoried.
ID.AM-5: Resources (e.g., hardware, devices, data, time, personnel, and software) are prioritized based on their classification, criticality, and business value.

These three sub-categories are the foundation of your organization's cybersecurity program and, specifically, of your cybersecurity risk program.

Some factors to keep in mind when developing a prioritization methodology:

  • The role the asset plays in generating revenue
  • The asset's importance to ongoing operations
  • The asset's cost to replace or protect
  • The reputational or legal damage that would result if the asset were compromised

Bottom line: the choice of methodology is up to each organization, but be consistent in your assessment and prioritization.

Author: Dr. Bill Souza | Aug 2, 2022 
