adam's notes

Guidelines for Asset Management and Resiliency Controls

The following are important asset management concepts:

  • Perform asset identification
    • Catalog all assets, both physical and intangible, owned by an organization.
    • Include key information such as asset type, location, value, and ownership.
  • Implement asset lifecycle management
    • This includes rules for procurement, maintenance, depreciation, and eventual retirement or replacement of an asset.
  • Perform asset tracking
    • Keep track of the location and status of assets, especially those that are mobile or prone to theft.
  • Understand regulatory compliance requirements
    • Certain assets, such as those related to health and safety, data protection, or environmental impact must be managed in compliance with specific regulations to avoid legal penalties.
  • Perform disaster recovery and business continuity planning
    • Plans should be in place to quickly replace or restore critical assets in case of disasters.
  • Secure asset disposal
    • Using legally compliant and secure methods to destroy data

Ensure adequate capacity planning for people, technology, and infrastructure:

  • Implement high availability strategies including the following:
    • Scalability and elasticity
    • Fault tolerance and redundancy
    • Clustering
    • Site resiliency
  • Using risk assessments, identify assets that have high availability requirements and provision redundancy to meet this requirement:
    • Hot, warm, or cold site resources to recover from disasters.
    • Use dual power supply, PDUs, PSUs, and generators to make the power system resilient.
    • Use NIC teaming, multiple paths, and load balancing to make networks resilient.
    • Use RAID and multipath I/O to make storage resilient.
  • Implement diversity in technologies and controls.
  • Perform comprehensive testing of resiliency capabilities.

Follow these guidelines for deploying or upgrading physical security controls:

  • If possible, design sites as zones to maximize access controls and surveillance for the most secure areas, using industrial camouflage, perimeter network, air gaps, vaults, and safes where applicable.
  • Secure the site perimeter and access points using fencing, barricades/bollards, and locks (physical, electronic, and biometric). If using smart cards, use a type that is resistant to cloning/skimming.
  • Monitor the site using security guards, CCTV, and drones/UAV, and use effective lighting to maximize surveillance.
  • Deploy an alarm system (circuit, motion-based, proximity, and/or duress) to detect intrusion.
  • Use ID badges to authorize access.

Graph View

Backlinks