Inventory and prioritize assets for more effective security

Every IT department is working with finite resources, so it’s important to use those resources wisely. You don’t need to invest the same amount of time and effort to protect every asset because some contain more sensitive information, or are more critical to keeping the business up and running.

I wrote a post about prioritizing assets for more effective security:

One of the most important jobs of managing servers or maintaining a network is to make sure it is protected from attacks and compromises. If you jump every time a new vulnerability is discovered, though, or if you immediately try to patch everything, all the time, you will be in constant firefighting mode, and you may very well end up leaving crucial assets exposed. You have to start by prioritizing assets so you can be smart about how you manage and protect them.

Let’s take the fire analogy a step further as an illustration: Learning of a new vulnerability is like a fire department receiving a call that a number of buildings are on fire. If the firefighters show up on the scene and just start with the first building in the row and work their way down, other damaged property may not get the immediate attention they need, and more lives could be put at risk. Perhaps the first building is an empty warehouse, the second building is a children’s hospital, and the third building is a museum of priceless paintings. It is crucial for the firefighters to perform a quick assessment of the situation to properly prioritize which buildings to focus on first.

Click here to read the full post on the RSA Security blog: Effective Security Starts with Prioritizing Assets.

Tony Bradley: I have a passion for technology and gadgets--with a focus on Microsoft and security--and a desire to help others understand how technology can affect or improve their lives. I also love spending time with my wife, 7 kids, 4 dogs, 7 cats, a pot-bellied pig, and sulcata tortoise, and I like to think I enjoy reading and golf even though I never find time for either. You can contact me directly at tony@xpective.net. For more from me, you can follow me on Threads, Facebook, Instagram and LinkedIn.
Related Post