The MOST Important Cybersecurity PrincipleAug 02, 2022
Asset management is most commonly associated with cybersecurity hygiene, which is associated with patching, anti-virus, access control, and other asset-specific protections. However, there are three NIST CSF sub-categories that I want to bring to your attention and how they align with a mission-based cybersecurity risk program.
ID.AM-1: Physical devices and systems within the organization are inventoried.
ID.AM-2: Software platforms and applications within the organization are inventoried.
ID.AM-5: Resources (e.g., hardware, devices, data, time, personnel, and software) are prioritized based on their classification, criticality, and business value.
These three sub-categories are the foundation of your organization's cybersecurity program, specifically, your cybersecurity risk program.
Some factors to keep in mind when developing a priority methodology:
- The role the asset plays in generating revenue
- The asset's importance to ongoing operations
- The asset's cost to replace or protect
- The reputation or legal damage the asset would cause if compromised.
Bottom line, the methodology decision will be up to every organization; however, be consistent in your assessment and prioritization.
Author: Dr. Bill Souza | Aug 2, 2022