Home » Pillars » RC.IP: Identify and Prioritise Resources » RC.IP-3 Prioritise Assets

Description

A prioritised asset register must be created that clearly lists the priority order of asset / service, especially critical assets and services for recovery and restoration. In its granular level, it must show the sequence in which restoration and recovery must occur in order to avoid data corruption, and/or ‘denial of service’ to administrators (see also RC.DM-2). For example, if the right sequence of restoration order is not followed, e.g. if the management access or authentication service is not restored first, it may mean that administrators may not reach the service, and in this case may cause denial of service to themselves.

It is pertinent to note that elaborating a perfect recovery plan almost infeasible and could be too expensive (cost prohibitive). Thus, the issue of prioritizing assets / processes and focusing the plan on these assets is of utmost importance. In the end, it will always be a balancing act between effort vs cost (typical risk management) for the plan and the value of the protected assets.