Every organization has a lifeblood; this can be described as the main activity that keeps the organization in business. Critical Assets – the lifeblood, are critical systems (including the data) that keep the organization successful and competitive.
In the case of government agencies, critical assets are usually the citizens’ data and the systems that house that data. An organization’s Information Officers should be able to identify the organization’s critical assets within 10 seconds, with their eyes closed; this emphasizes the importance. Identification of critical assets is relevant to determine the level of controls required to protect them and to target security controls around the assets.
The control objective in this area is to identify the Critical Assets, list them on an inventory, and outline what data they may contain. The inventory may also contain which systems interact with the Critical Assets (integrations). Finally, review the inventory regularly and protect it.
Protect Your Critical Assets in a Landscape of Expanding Attack Surfaces