Every company is different, and each has its own information systems. Each of these systems has a different impact on the company or its environment. A different approach is therefore needed to protect each company against a breach, data leakage or stagnation of a system.

Critical assets, important systems, crown jewels: these are all terms for the most important information systems of a company. That is why I chose the following topic for my monthly blog: Mission Critical Assets.

Invest in the right security measures

The critical assets are important to the continuity of the company, yet in general they are unknown. In addition, every company has a budget to invest in security measures.

That is why it is important to substantiate that this budget is invested in the right security measures, and why not only the critical assets but also the threats to these critical assets should be identified.

The importance of identifying information on systems

There are in general six categories of information that a system could contain:

  1. Intellectual property; e.g. patents, models, research reports etc.
  2. Commercial/financial; e.g. orders, invoices, prices, quotes etc.
  3. Supply chain information; e.g. bills of material, delivery schedules, shipping requirements etc.
  4. Management information; e.g. financial reports, process performance, audit findings etc.
  5. Legal, regulatory information; e.g. contracts, legal advice, claims, negotiations etc.
  6. Personally identifiable information; e.g. salary information, pictures, passport number etc.

The importance of these types of information to the company depends on its core business. Information is the most important asset of an organisation, so it is important to determine the most essential information of a company and the systems that contain this information.

Privacy-related information is especially important nowadays. This information can include details about customers, employees etc. Companies need to be extra careful when processing privacy-related information, which is why the company should identify the systems that contain it and how it is protected.

To identify the importance of an information system to the company, the confidentiality, integrity, and availability (CIA) of the system should be determined.

Mission critical assets risk assessment

To discover the critical assets, all information systems need to be identified. Next, the information on these systems, as mentioned before, should be identified. Finally, to identify the company's critical assets, the confidentiality, integrity, and availability should be determined.

Once the critical assets are identified, the potential threats to them should be determined. When it is clear which critical asset is sensitive to a certain threat, the likelihood that the threat could take place and the impact on the organisation and its environment should be analysed to determine the risk level of that threat to the critical asset and to the organisation.

After it is clear which threats are a hazard to the critical assets and the organisation, the risk appetite and the measures need to be assessed: the organisation should consider how to address these threats. Addressing a threat means avoiding, mitigating, transferring or accepting it. Once all measures to be taken to minimize the identified threats have been decided, a roadmap should be established.
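The assessment steps above, as an added example that is not part of the original blog: it selects critical assets from their CIA ratings, scores each threat, and orders the results into a roadmap. The 1-3 CIA scale, the 1-5 likelihood and impact scales, the likelihood × impact formula, the appetite threshold and all sample systems and threats are assumptions made for illustration.

```python
from dataclasses import dataclass
# Assumed scales (not from the article): CIA ratings 1-3, likelihood and impact 1-5.
CRITICAL_CIA = 3    # an asset is critical when any CIA rating reaches this value
RISK_APPETITE = 8   # risk scores above this exceed what the organisation accepts

@dataclass
class Asset:
    name: str
    information: list   # categories from the article's list of six
    cia: tuple          # (confidentiality, integrity, availability)

@dataclass
class Threat:
    asset: str
    description: str
    likelihood: int
    impact: int

def critical_assets(assets):
    """Names of the assets whose highest CIA rating marks them as critical."""
    return {a.name for a in assets if max(a.cia) >= CRITICAL_CIA}

def roadmap(assets, threats, appetite=RISK_APPETITE):
    """Rows (asset, threat, risk, decision) for critical assets, highest risk first."""
    critical = critical_assets(assets)
    rows = []
    for t in threats:
        if t.asset not in critical:
            continue  # only threats to critical assets are assessed here
        risk = t.likelihood * t.impact  # assumed risk formula
        decision = "accept" if risk <= appetite else "avoid, mitigate or transfer"
        rows.append((t.asset, t.description, risk, decision))
    return sorted(rows, key=lambda r: r[2], reverse=True)

# Constructed sample inventory and threats (illustrative values only)
ASSETS = [
    Asset("HR system", ["Personally identifiable information"], (3, 2, 1)),
    Asset("ERP", ["Commercial/financial", "Supply chain information"], (2, 3, 3)),
    Asset("Intranet wiki", ["Management information"], (1, 1, 1)),
]
THREATS = [
    Threat("HR system", "Leakage of salary information", 3, 5),
    Threat("ERP", "Stagnation of order processing", 2, 4),
    Threat("ERP", "Tampering with invoices", 4, 4),
    Threat("Intranet wiki", "Defacement", 4, 1),
]

if __name__ == "__main__":
    print(*roadmap(ASSETS, THREATS), sep="\n")
```

The choice between avoiding, mitigating or transferring a risk above the appetite stays a management decision; the code only separates those risks from the ones that can be accepted.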

Information and information systems are the key to the continuity of your organisation. Therefore it is essential to secure these systems in line with their importance to the company.

You should protect your company's mission critical assets against their threats to ensure your company's continuity!

Do you want more information about your company's mission critical assets and which threats these systems face? Do not hesitate to contact us!