[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Asset: the missing piece in your puzzle
From https://www.sans.org/critical-security-controls to ISO 27001, through the NIST CSF (#1 Identify), NIST Risk Management Framework, SP 800-53... ... If you don't properly manage your Assets in cybersecurity: you will FAIL. Information obtained from the data that you will manipulate and exchange need to be linked to your Assets, the Assets of others (Supply Chain or Adversaries). So -again-, I invite you to look at http://scap.nist.gov/specifications/ai/ NB: While not perfect, and I can comment further with pleasure on where/why, the Asset concept/construct or relationships (i.e. through GUIDs) is, imho, NEEDED. PS: I will try to put effort on documenting where the current model(s) are currently weak regarding this domain Best regards
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]