RC.IP-1 Identify critical technical and non-technical assets
Description
“Organisations must conduct a comprehensive discovery exercise to identify their critical technical and non-technical assets.
Technical assets include but not limited to data centres, hosting, servers, databases, data, software, models, and services. It is important to include ‘service’ as a whole, because some services are most important than the others.
Non-technical assets include but not limited to people, process and technology. For example, it is important to identify critical business processes, e.g. Intellectual Property (IP) of the company, and understand how it is safeguarded, and reproduced in the event of a disaster, cyber incident or attack, and more importantly, what safeguards and any weaknesses that exist within or around those safeguards (see also RC.CC-1).”
Outcomes / Outputs
(Conduct / Fix / Ingest / List / Plan / Procure / Produce / Report / Review / Set / Test / Train )
1. List of technical assets such as data centres, hosting, servers, databases, data, software, models, and services.
2. List of non-technical assets such as people, Intellectual Property (IP), process and technology.
Reference
© 2017 – 2020, C-MRIC.ORG, C-MRIC.COM and Cyber Recovery Operational Framework are registered trademarks of the C-MRIC organisation.