ID.AM-05.133

Does your organization maintain a documented process for tracking and periodically updating asset priorities, especially following significant organizational changes?

Explanation

Asset prioritization helps organizations allocate security resources effectively by identifying which systems and data are most critical to operations or most vulnerable to threats. Regular updates to these priorities ensure that security controls remain aligned with the organization's current risk landscape as business objectives, system architectures, or threat environments change. Evidence could include a documented asset prioritization methodology, meeting minutes showing periodic priority reviews, change management records that trigger priority reassessments, or a current asset inventory with clearly marked priority levels and review dates.

Implementation Example

Track the asset priorities and update them periodically or when significant changes to the organization occur

ID: ID.AM-05.133

Context

Function: ID: IDENTIFY
Category: ID.AM: Asset Management
Sub-Category: Assets are prioritized based on classification, criticality, resources, and impact on the mission

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron

Founder, ResponseHub