Asset management and inventorying your physical systems: we all know we should do it, and I am sure most try. I am not going to talk about the should have, would have or could have. Instead, I am going to focus on the risks associated with the NIST CSF control ID.AM-1.
Saturday, December 12, 2020
Asset Management - Physical Devices - What do you have? Do you know?
The control simply states, “Physical devices and systems within the organization are inventoried.” At the simplest level, this control is saying that the organization inventories all physical systems that are a part of the information system. In my opinion, the control is foundational because how can you secure something if you don't know it exists? If you are not inventorying your systems, how do you know if they have adequate controls to protect the data and network? If you had a breach of data, would you know what type of data was involved, or would you even know if you had a breach? To further extend this, how can you perform a risk assessment on the system to understand and relay any risks to the overall information system?
If this control is not in place and, at a minimum, repeatable, your organization is at higher risk. You have to know what you have to be able to protect it.
The associated risks of the NIST CSF
In this series, I hope to explain the risks associated with the NIST CSF and associated controls. I will primarily focus on NIST controls. I intend to review each NIST CSF control individually and help you understand the risks associated with not satisfying that control. This series should help you know which controls are essential for your business when developing your profile. The information can be further extended to developing scorecards and metrics for your information security program.