WaterISAC Presents ‘15 Cybersecurity Fundamentals Awareness Month’ (15CFAM)
Created: Thursday, October 1, 2020 - 18:52
Categories: Cybersecurity, General Security and Resilience
In honor of National Cybersecurity Awareness Month (NCSAM), WaterISAC will cover each of our 15 Cybersecurity Fundamentals during the month of October. We dubbed the series, ‘15 Cybersecurity Fundamentals Awareness Month’ (15CFAM). The goal of 15CFAM is to provide reminders along with additional resources not previously included in the current guide. Members can track ongoing posts through the Resource Center on our portal with the ‘15CFAM’ tag. To commence 15CFAM, #1 – Performing Asset Inventories arguably seems like a good place to start. Knowing your assets is the foundation of a successful cybersecurity strategy. In fact, it’s unrealistic to expect to adequately complete such tasks as a basic risk assessment without a comprehensive asset inventory. Knowing what assets you have is a powerful advantage in overall cyber risk management. Only when you know what you have are you able to effectively discover, prioritize, and remediate vulnerabilities to any (IT or OT) system. Therefore, a comprehensive asset inventory is a foundational prerequisite for the success of all cyber risk management programs. Don’t let the challenges of asset management contribute to the deficiencies of other risk management functions such as vulnerability management, risk assessments, or monitoring.
During the past several weeks, there have been multiple posts and additional resources in the Security & Resilience Update dealing with this keystone cybersecurity fundamental. So much continues to be discussed on the importance of maintaining a comprehensive asset management program. Recently, we referenced the following articles or resources on asset management:
- What is OT/ICS Asset Management? by industrial cybersecurity meister Ralph Langner.
- In another authoritative resource, the U.S. Department of Homeland Security’s (DHS’s) Cybersecurity and Infrastructure Security Agency (CISA) released “Protect Critical Assets and Applications,” the third of six Cyber Essentials Toolkits,
- Finally, industrial cybersecurity firms, PAS Global and Verve Industrial also offer some musings on the topic.
Check us out Tuesday when we explore risk assessments and minimizing control system exposure.