Every IT department is working with finite resources, so it’s important to use those resources wisely. You don’t need to invest the same amount of time and effort to protect every asset because some contain more sensitive information, or are more critical to keeping the business up and running.
I wrote a post about prioritizing assets for more effective security:
One of the most important jobs of managing servers or maintaining a network is to make sure it is protected from attacks and compromises. If you jump every time a new vulnerability is discovered, though, or if you immediately try to patch everything, all the time, you will be in constant firefighting mode, and you may very well end up leaving crucial assets exposed. You have to start by prioritizing assets so you can be smart about how you manage and protect them.
Let’s take the fire analogy a step further as an illustration: Learning of a new vulnerability is like a fire department receiving a call that a number of buildings are on fire. If the firefighters show up on the scene and just start with the first building in the row and work their way down, other damaged property may not get the immediate attention it needs, and more lives could be put at risk. Perhaps the first building is an empty warehouse, the second building is a children’s hospital, and the third building is a museum of priceless paintings. It is crucial for the firefighters to perform a quick assessment of the situation to properly prioritize which buildings to focus on first.
Click here to read the full post on the RSA Security blog: Effective Security Starts with Prioritizing Assets.