Organization Assets Overview – why do we need them (CIA Triad)?

Because we need to know what to protect.

It's recommended to create the following inventories:

  • hardware inventory
  • software inventory
  • data or information inventory

Once you have identified everything, you can establish controls that let you spot any changes in the context of:

  • system updates, and
  • system disposal.
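One way such a change-spotting control can look, as an added example that is not part of the original post: two inventory snapshots are compared to surface software updates, unknown assets, and assets that vanished without a sanitised disposal record. The asset ids, field names, versions and the disposal register are all constructed assumptions.

```python
# Constructed inventory snapshots; ids, fields and versions are assumptions for this example.
BASELINE = {
    "srv-001": {"software": {"openssl": "3.0.13", "nginx": "1.24.0"}, "data": ["customer-db"]},
    "lap-017": {"software": {"firefox": "125.0"}, "data": []},
    "nas-002": {"software": {"firmware": "4.2"}, "data": ["hr-records"]},
}
CURRENT = {
    "srv-001": {"software": {"openssl": "3.0.14", "nginx": "1.24.0", "netcat": "1.10"}, "data": ["customer-db"]},
    "lap-017": {"software": {"firefox": "125.0"}, "data": []},
    "lap-099": {"software": {"firefox": "125.0"}, "data": []},
}
# Constructed disposal register: asset id -> True once data sanitisation is confirmed.
DISPOSALS = {"nas-002": False}


def diff_inventory(baseline, current, disposals):
    """Return (asset, finding, detail) tuples for every change since the baseline."""
    findings = []
    for asset in sorted(set(baseline) | set(current)):
        old, new = baseline.get(asset), current.get(asset)
        if old is None:
            findings.append((asset, "new-asset", "not in the baseline inventory"))
        elif new is None:
            # A vanished asset needs a disposal record, and sanitisation if it held data.
            if asset not in disposals:
                findings.append((asset, "missing-no-disposal-record", ""))
            elif old["data"] and not disposals[asset]:
                findings.append((asset, "disposed-unsanitised", ", ".join(old["data"])))
        else:
            findings.extend(_diff_software(asset, old["software"], new["software"]))
    return findings


def _diff_software(asset, old, new):
    out = []
    for name in sorted(set(old) | set(new)):
        before, after = old.get(name), new.get(name)
        if before is None:
            out.append((asset, "software-added", f"{name} {after}"))
        elif after is None:
            out.append((asset, "software-removed", f"{name} {before}"))
        elif before != after:
            out.append((asset, "software-updated", f"{name} {before} -> {after}"))
    return out


if __name__ == "__main__":
    for finding in diff_inventory(BASELINE, CURRENT, DISPOSALS):
        print(*finding, sep="\t")
```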

One of the most common practices when designing systems, assessing risks, designing incident response procedures and developing policy is to follow the CIA triad. The triad helps immensely to structure the security considerations you're forced to take.

C – Confidentiality
I – Integrity
A – Availability

The CIA approach simply enables you to identify vulnerabilities and design strategies to mitigate them.

Why is it important? Take a look at the Top 18 Critical Security Controls from SANS. Assets are mentioned three times!

  1. Inventory and Control of Enterprise Assets
  2. Inventory and Control of Software Assets
  3. Data Protection
  4. Secure Configuration of Enterprise Assets and Software
  5. Account Management
  6. Access Control Management
  7. Continuous Vulnerability Management
  8. Audit Log Management
  9. Email and Web Browser Protections
  10. Malware Defenses
  11. Data Recovery
  12. Network Infrastructure Management
  13. Network Monitoring and Defense
  14. Security Awareness and Skills Training
  15. Service Provider Management
  16. Application Software Security
  17. Incident Response Management
  18. Penetration Testing


