Critical Asset Planning

Every company has a Critical Asset (CA) which, if lost, would cause severe damage to its reputation or financial wellbeing. Security budgets are often best spent protecting these critical assets. Building the proper policies and procedures to preserve Critical Assets often involves multiple individuals both inside and outside your organization.

The frequency, sophistication, and variety of attacks perpetrated against a company's CA will often support the idea that security must be implemented through layered and diverse protection mechanisms, an approach sometimes referred to as "defense-in-depth." These layers of protection often require joint planning exercises by internal and external experts in the physical, human, and cyber domains.

Maintaining security around your CA will require constant effort, corporate resources, and vigilance. Securely monitoring your CA on a daily basis is essential. 

Maintaining security will usually involve the following steps: 

  • Perform background checks and credentialing of individuals with access to your CA
  • Establish security roles and responsibilities
  • Configure, protect, and analyze physical and cyber domain access logs
  • Back up critical information related to your CA frequently, with multiple historical versions of the CI
  • Maintain multiple protected, authoritative copies of your organization's data associated with the CA
  • Establish and test procedures for recovering from compromise
  • Test and apply hardware security patches promptly
  • Perform a quarterly cross-domain tabletop exercise to simulate loss and recovery procedures. Technical personnel and business decision makers work together during tabletop exercises to decide on the most practical and effective containment plans. Containment plans will vary from one set of circumstances to the next, and they may quickly become intensive in terms of time and resources from both the technological and business impact perspectives.
  • Employees must be trained to identify risks associated with your CA
  • Employees with access to your CA must:

  • Be aware of their surroundings; see something, say something
  • Avoid opening unexpected text and mail messages from unknown senders
  • Be trained to recognize spammers and phishers
  • Click with caution
  • Test security periodically