Skip to main content

1. Assets & orientation

  • Inventory of assets is fundamental for cybersecurity, as uncharted assets have little chance of being properly maintained, and can constitute weak points for the information system.

  • For most assets, it is possible to to automate inventory, using builtin or installed agents.

  • For enterprise mobile terminals, there exist numerous Mobile Device Management solutions.

  • Inventory shall allow to retrieve versions of every piece of software, as this will be basis for vulnerability management.

  • Network assets shall also be comprised in the inventory. Indeed, an old Wi-Fi router can be the simplest way to penetrate a company networks.

  • Other assets to include are printers, scanners, CCTV, and potentially a bunch of IoT devices.

  • Orientation is based on organization vision, policy and risk management.

  • Considered risks in ASF are related to information system, and more specificaly to software development.

  • Once risk assessment is performed (see dedicated section), use it to define your priorities.