Hi all, I need a few opinion thoughts on putting together a list of critical assets. For context, I have an environment with almost 1k servers, and 20k user endpoints, plus a couple thousand other networked medical and infrastructure devices but no one has ever bothered to create an asset register of critical assets.

I’m taking this from a security stance, and need to understand what the critical assets are so I can enhance logging, monitoring and alerting on those assets, review the business continuity plans for those assets support etc.

Two approaches i have in mind is;

1. speaking to the heads of various services to understand what’s critical for their functions and then determining the assets that support those functions and taking off from there. The problem is, most service heads, cannot tell the systems that support their functions at an asset level, which is sort of a dead-end for me. Moreso, where they do, each service head considers everything they use/deal with as critical, which skews the process for me. Added, to this, is a huge time required to go down this route.
2. My second option, which is sort of a starter, is identifying all systems which hold PII. I know this is a very minute subset of critical assets, but I believe this should be on the front schedule of work.

Has anyone been in such a situation where there is almost no documentation? Where would you start to tackle this problem?


NB: I am not developing a list of critical assets for the business, I’m only trying to identify as much as possible, so I can develop cyber resilience strategies for those assets.

Share This Discussion

Leave a Comment

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.