15 Cybersecurity Fundamentals Revisited – #1 Perform Asset Inventories

The ongoing process of asset management is foundational for assessing, prioritizing, and managing risk across the entire organization. Without knowing what assets you have, there is nothing meaningful to inform other risk management programs such as vulnerability management, governance, incident response, etc. WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities discusses the importance of including asset characteristics beyond just a list of devices for a comprehensive inventory record. ICS cybersecurity firm Verve Industrial expounds on the idea of the comprehensive record, suggesting that the added context to an asset record could be thought of as an asset profile. While the value of asset inventory virtually goes unchallenged, too few organizations do it effectively, if at all. ICS network defenders need to understand more than just the assets on their networks, but the information those assets provide and interdependencies to other assets/systems. For a handy reference on all 15 Cybersecurity Fundamentals for Water and Wastewater Utilities, download (if you haven’t already) from https://www.waterisac.org/fundamentals. Read the post at Verve Industrial