ICS OT Asset Inventory and Criticality Assessment
The fundamental step of the ICS OT Cyber Security Assurance lifecycle process
The ICS OT Asset Inventory and Criticality Assessment is consist of four (4) segments of activities as integrated units. These 4 activities will give the final output called Asset Inventory and Criticality Master Document (including some gap findings against the documented list & practice vs. the real condition of the assessed asset)
-
Asset Characterization
Knowing the assets, assessing the assets, mapping the assets into proper criticality level as the master reference for the asset management
-
Asset Consolidation and Inventory
Ensuring the critical assets have the recommended protection and treatment is one of the main goals of this activity. It is important to ensure the validity of each listed asset in its location, responsible party, and several bound entities related to the asset inventory record
-
Asset Criticality Assessment & Management
Asset criticality assessment deals with the critical procedure, critical spare parts, backup and restore management, testing of the system, update & upgrade, and obsolescence management. All of those should be aligned with the business strategy by incorporating safety and security concerns as the main enablers
-
Asset Management of Change
The Asset Management of Change (MoC) process is the method to record any changes against the ICS OT environment. This process has a close correlation to other asset management processes such as asset criticality assessment, as it will ensure the proper guidance and procedure are conveyed, executed, and deployed when dealing with the asset