Taking stock of your critical assets
A business cannot design an effective and focussed cyber incident response plan and be secure if it does not have an accurate asset inventory.
With a good understanding of its assets and their criticality, a business is going to be better placed to apply resources efficiently in order to develop a response plan and be prepared for a cyber incident.
Identifying critical assets is a time-consuming exercise, which involves a number of steps including:
- Gathering the initial information relating to the IT environment and the general controls in place
- Identifying the existing applications in use, data locations, data ownership, and data management
- Performing a Business Impact Analysis for the data assets to classify them in order of criticality and priority to assist determining their value
- Identifying gaps, if any, and collecting the missing information
Many organisations have critical assets sitting with third-party service providers or residing on cloud platforms, therefore taking stock of all assets (location, ownership and management) is an important step in this exercise.
Conducting a business impact analysis will make it easier to determine the appropriate way to protect assets before, during, and after a cybersecurity incident. When assessing the business impact it is important to consider different scenarios, and any serious implications resulting from an incident that compromises your critical assets such as financial losses, reputational damage, and regulatory compliance penalties.
Kaon Security can assist organisations to conduct a series of comprehensive in-house workshops, so that key organisational stakeholders can methodically identify all critical assets, and then make qualified decisions as to which asset(s) are most valued and critical to protect. This exercise also helps analyse how well the assets are currently protected and identify any gaps in the existing controls.
Improving user engagement with Policy Management as a Service (PMaaS)
We recently announced the availability of the Essentials and Premium versions of PMaaS. Some of the new functions are designed to drive improved user interaction with the content from the initial implementation phase, through to the ongoing management of the fully deployed service.
During the initial implementation phase a Stakeholder Group can be formed to engage selected participants (subject matter experts) in a process to review policy wording. By assigning them the “stakeholder” role, they can collaborate on the final wording choices for policy statements by typing in their comments. This can be used thereafter to streamline future policy review exercises to ensure that policies stay aligned with business requirements.
Keeping policies up to date after implementation is very easy as a reminder service within PMaaS can be set up to notify stakeholders and administrators that a review is pending. The reminder service can also be used to prompt Users at intervals to read their policies.
To view a brief video on the new functionality provided with the Essentials and Premium versions of PMaaS CLICK HERE
For information on Policy Management as a Service – CLICK HERE