Don’t let Equifax happen to you! Start by keeping track of all your assets.
October 11, 2017
2017 has been a year riddled with high-profile data breaches. Most recently, Yahoo reported a data breach affecting ALL 3 billion user accounts.
Cybersecurity governance is taking center stage for a lot of organizations. Whether it is a healthcare firm, a financial firm, or a government entity, no organization is safe. When approaching cybersecurity governance, there are a number of different frameworks organizations can choose from. One of the most popular is the NIST-800 document. NIST outlines five steps to help organizations build a solid foundation of cybersecurity.
One of the first things to do is a simple asset inventory and risk classification list. An easy and inexpensive way of doing this is to maintain an Excel sheet. All devices and information assets that your firm uses to conduct business should be listed. This includes laptops, desktops, servers, mobile devices, tablets, and any third-party infrastructure that your firm uses that might have access to personally identifiable information (PII).
The second part of your asset inventory is risk classification. Obviously, some devices will be a higher risk than others, so it is a good idea to have a high, medium and low scale so that you can prioritize which assets take precedence over others. Bonus points if you have an additional column with all active users who have access to these assets.