Identify Your Assets
Transcription
In the NIST Cyber Security Framework the function that deals with “identify” is closely associated with a risk assessment practice. This is something you should do in order to identify the risk in your organization. The first component of this is called Asset Vulnerability Identification. It specifies that you should identify and document these vulnerabilities to your assets. One of the references that is in this section of the NIST Cyber Security Framework is critical control number 1 from the Center for Internet Security. The very first critical control that they put into that framework is that you must identify all of your assets. They talk about physical, virtual, critical assets such as servers and databases, but also other ancillary devices that could impact the security of your environment. There are assets now that are in the cloud that you’ll never see or touch, but they are still assets none the less because they hold data, or they are systems or services that can impact the security of your organization. So, taking this first critical step in identifying what your assets are and ranking the vulnerabilities to those assets is one way that you can begin documenting your risk assessment according to the practices that are outlined in the NIST Cyber Security Framework
In the NIST Cyber Security Framework the function that deals with “identify” is closely associated with a risk assessment practice. This is something you should do in order to identify the risk in your organization. The first component of this is called Asset Vulnerability Identification. It specifies that you should identify and document these vulnerabilities to your assets. One of the references that is in this section of the NIST Cyber Security Framework is critical control number 1 from the Center for Internet Security. The very first critical control that they put into that framework is that you must identify all of your assets. They talk about physical, virtual, critical assets such as servers and databases, but also other ancillary devices that could impact the security of your environment. There are assets now that are in the cloud that you’ll never see or touch, but they are still assets none the less because they hold data, or they are systems or services that can impact the security of your organization. So, taking this first critical step in identifying what your assets are and ranking the vulnerabilities to those assets is one way that you can begin documenting your risk assessment according to the practices that are outlined in the NIST Cyber Security Framework