The MOST Important Cybersecurity Principle

Asset management is most commonly associated with cybersecurity hygiene, which is associated with patching, anti-virus, access control, and other asset-specific protections. However, there are three NIST CSF sub-categories that I want to bring to your attention and how they align with a mission-based cybersecurity risk program.

ID.AM-1: Physical devices and systems within the organization are inventoried.
ID.AM-2: Software platforms and applications within the organization are inventoried.
ID.AM-5: Resources (e.g., hardware, devices, data, time, personnel, and software) are prioritized based on their classification, criticality, and business value.

These three sub-categories are the foundation of your organization's cybersecurity program, specifically, your cybersecurity risk program. 
Some factors to keep in mind when developing a priority methodology:

• The role the asset plays in generating revenue
• The asset's importance to ongoing operations
• The asset's cost to replace or protect
• The reputation or legal damage the asset would cause if compromised.

Bottom line, the methodology decision will be up to every organization; however, be consistent in your assessment and prioritization. 

========

Blog: https://www.execcybered.com/blog
Training: https://www.execcybered.com/iso27001foundationcourse
Linkedin: https://www.linkedin.com/company/exceccybered/
Twitter: https://twitter.com/DrBillSouza
Instagram: https://www.instagram.com/drbillsouza/

Thanks.
Dr. Bill Souza
CEO | Founder
www.execcybered.com