Identify>Asset Management>ID.AM-5: Resources (e.g., hardware, devices, data, time, personnel, and software) are prioritized based on their classification, criticality, and business value   Knowing what is important is better than knowing what you have.  ID.AM-5: Resources are prioritized based on their classification, criticality, and business value: Defined.  You know that when there are six examples just in […]

Identify>Asset Management>External information systems are catalogued  No systems can exist in isolation.   Don’t get taken advantage of by someone else’s system. What exactly is an external information system? According to NIST CSRC glossary, it is “An information system or component of an information system that is outside of the authorization boundary established by the organization […]

Identify>Asset Management>ID.AM-1 Physical Devices and Systems Within the Organization Are Inventoried  There’s a battle going on between the growth of your environment and your ability to understand it. This battle is part of the larger war in the protection of digital assets. Cybersecurity programs are built to protect digital assets. The conundrum lies in the […]

Identify>Asset Management>ID.AM-2 Software Platforms and Applications Within the Organization are Inventoried Every new piece of software introduces a possible vulnerability. Software platforms and apps within the organization are inventoried: Defined Inventory…software? Maybe they want you to inventory ghosts or imaginary friends while you’re at it. We get it. It is one thing to inventory physical […]