Part 2 — Reconcile rapid digital transformation with security and compliance

SRC - Security, Risk, Compliance
Feb 28, 2022

By Jaber Kakar | 12/10/21 3:30 PM

You may recall from our previous post that a solid understanding of security-relevant assets is fundamental to reconciling rapid digital transformation with IT security and compliance. Let’s assume this step has been completed to our complete satisfaction. Where do we go from here?

Determine the criticality of assets requiring protection

Since not all of your assets have the same security requirements, the protection needs of each asset must be determined. After all, the principle is that assets with high security needs must be prioritized over those with low requirements.

However, because of the high number of assets, the assessment of protection needs has to scale. This is where the upstream process of structural analysis kicks in. Interrelationships between business processes, information segments, and IT systems form the starting point for evaluating the criticality of primary and secondary assets. Primary assets generally represent processes and information, while secondary assets include hardware, software elements, network, personnel, and buildings. Note that primary assets cannot be adequately protected without protecting the secondary assets they rely on. After all, hardware and software are used to process information in business processes as efficiently and securely as possible. If the software or hardware is insecure, this has a direct impact on the availability of business processes or the confidentiality of information, among other things.

For this purpose, our consultants develop individual, scalable, and automated digital evaluation procedures that use inheritance of protection needs between assets, following a top-down strategy, a bottom-up strategy, or a mixture of both.
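As an illustration of top-down inheritance, the following added example (not the procedure used by SRC's consultants) propagates protection needs from primary assets to the secondary assets they depend on. It assumes a maximum principle, where a shared asset inherits the highest need of anything that relies on it; all asset names and ratings are constructed sample data.

```python
from collections import deque

LEVELS = {"low": 1, "medium": 2, "high": 3}
NAMES = {v: k for k, v in LEVELS.items()}

# Constructed sample data: primary assets (processes, information) with
# assessed needs for Confidentiality, Integrity and Availability.
PRIMARY = {
    "order-processing": {"C": "medium", "I": "high", "A": "high"},
    "newsletter": {"C": "low", "I": "low", "A": "low"},
    "customer-data": {"C": "high", "I": "medium", "A": "medium"},
}

# Constructed structural analysis: asset -> assets it depends on.
DEPENDS_ON = {
    "order-processing": ["customer-data", "shop-app"],
    "newsletter": ["mail-server"],
    "customer-data": ["db-server"],
    "shop-app": ["db-server", "vm-host"],
    "db-server": ["vm-host"],
    "mail-server": ["vm-host"],
    "vm-host": ["datacenter"],
}

def inherit_top_down(primary, depends_on):
    """Push protection needs down the dependency graph (maximum principle).

    Levels only ever rise and are bounded, so the worklist terminates
    even if the dependency graph contains cycles.
    """
    need = {a: {d: LEVELS[v] for d, v in n.items()} for a, n in primary.items()}
    queue = deque(need)
    while queue:
        asset = queue.popleft()
        for child in depends_on.get(asset, []):
            current = need.setdefault(child, {"C": 0, "I": 0, "A": 0})
            raised = False
            for dim, level in need[asset].items():
                if level > current[dim]:
                    current[dim] = level
                    raised = True
            if raised:  # re-visit the child so its own dependencies update
                queue.append(child)
    return {a: {d: NAMES[v] for d, v in n.items()} for a, n in need.items()}

if __name__ == "__main__":
    for asset, rating in sorted(inherit_top_down(PRIMARY, DEPENDS_ON).items()):
        print(f"{asset:18} {rating}")
```

In this sample the `vm-host` ends up rated high in all three dimensions even though it also hosts the low-rated mail server, which is the kind of shared-infrastructure dependency a manual, per-asset assessment tends to miss.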

These solutions generate dashboards that allow you to track security-related vulnerabilities along with the asset network in real time.

In Part 3 of this series, we will clarify the process of comparing the target and actual performance of security measures.

Thanks for reading! If you want to learn more about Security, Risk and Compliance, please visit our website or contact us on our social media.


Written by SRC - Security, Risk, Compliance

Consulting to establish security, risk and compliance as a business enabler in your organization.
