National Institute of Standards and Technology

Article by: Charlie Platt / iDiscovery Solutions

I’ve written on this topic before, and despite the danger of sounding like a broken record, I will repeat myself: Cybersecurity is all about risk management. Many of you are likely working with your company’s chief information security officer (CISO) and security teams to help assess and control this cyberrisk. (At least I hope you are.) And one of the first things most security professionals recommend is taking an inventory of your IT assets. In fact, it’s embodied in the first Function of the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework:

“The activities in the Identify Function are foundational for effective use of the Framework. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs. Examples of outcome Categories within this Function include: Asset Management; Business Environment; Governance; Risk Assessment; and Risk Management Strategy.”


Continue Reading