ICS Asset Inventory and Criticality Assessment and Management
The fundamental of the whole ICS Cyber Security Assurance
The ICS Asset Inventory and Criticality Assessment and Management is consist of four (4) segments of activities as integrated units. These 4 activities will give the final output called Asset Inventory and Criticality Master Document (including some gap findings against the documented list & practice vs. the real condition of the assessed asset
- Knowing the assets, assessing the assets, mapping it into proper criticality level of the asset as the master for the asset management in the further activities
- Ensuring the critical assets are having initial recommended protection and treatment is one of the main goals of this activity. As it is important to ensure the validity of each listed asset into its location, responsible party, and several bound entities related to the asset inventory record
- Asset criticality assessment and management is dealing with the critical procedure, critical spare parts, backup and restore management, testing of the system, update & upgrade, and obsolescence management. All of those should be aligned with business strategy with safety and security concerns as the main enablers
- Asset Management of Change process is the method to always record any changes against the system (ICS environment) that correlated to the other asset management portion such as asset criticality management, as it will ensure the proper guidance and procedure are conveyed, executed, and practiced when dealing with the asset
The Asset Profile Document is the deliverable from the ICS Asset Inventory and Criticality Assessment and Management process. This document will contain the updated, verified, and validated Asset Inventory Database covering the assessed ICS environment object. It will also include the account management and gap findings between listed inventories against the actual condition.