Updated: Mar 30, 2022
It’s important to understand risk. And in order to understand any organization’s cybersecurity risks, you need to take inventory. If you’ve never done this before, it’s time to ask what do you have to lose? In developing a security maturity strategy or mitigating a security breach, you should always start by identifying critical data and assets that could be compromised.
Critical assets are the organizational resources essential to maintaining operations and achieving the organization's mission (as defined by CISA).
You cannot be sure you’ve protected your valuable assets unless you know and name what they are.
This might look like a spreadsheet (spreadsheet people rejoice!). Or it might be a long document. It could be a table in a company memo, but in any case, your inventory should include the answers to these questions:
What assets – people, information, technology, and facilities – do we have?
Which of these above are the most valuable to the company? (Rank them in order of value.)
Which of these are the most valuable to attackers? (Usually this is the same answer as #2.)
Which are the easiest assets to access?
Who owns (takes responsibility for) each asset?
Once this list is created, you have identified your critical assets and can develop a risk mitigation plan based on which are the top priorities (highest value and greatest risk).
As you list your information/data assets, make sure to consider all of these:
Taking inventory of your critical data is a great first step. Stay tuned as we discuss each step in the mitigation process.
For more, read David Evenden's article Increasing Your Security Posture at PenTest Mag.
We at StandardUser Cybersecurity are on a mission to share cybersecurity and cyber safety education with everyone, to make our world a better place. Are you with us? How can we help? Let us know today.