ID.AM-05.132

Has your organization established and applied asset prioritization criteria to classify and rank assets based on their criticality?

Explanation

Asset prioritization helps organizations allocate security resources efficiently by identifying which assets require the highest levels of protection based on their value, sensitivity, and business impact. This process typically involves categorizing assets (such as systems, data, and applications) according to predefined criteria like business criticality, regulatory requirements, and potential impact if compromised. Evidence of fulfillment could include a documented asset prioritization framework or matrix, asset inventory with assigned priority levels, risk assessment reports showing prioritized assets, or meeting minutes where asset prioritization decisions were made.

Implementation Example

Apply the prioritization criteria to assets

ID: ID.AM-05.132

Context

Function: ID: IDENTIFY
Category: ID.AM: Asset Management
Sub-Category: Assets are prioritized based on classification, criticality, resources, and impact on the mission

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron

Founder, ResponseHub