The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to organizational objectives and the organization’s risk strategy.
- Scoping
- Asset Enumeration
- Threat Modeling
- Risk Discovery
- Prioritization
- Mitigation Analysis
- Retrospective
- Buildings
- Offices
- Rooms
- Areas
- Rooms
- Offices
- Doorways & Doors
- Locks & Keys
- Windows
- Safes
- Outlets
- Organizations
- Individuals
- Groups
- Positions
- Roles
- Stakeholders
- Owners
- Employees
- Suppliers
- Distributors
- Customers
- Investors
- Government
- Web Apps
- APIs
- LANs
- VPCs
- VPNs
- Components
- Physical
- Device
- State
- In Use
- Missing
- In Transit
- In Stock
- Type
- Desktops
- Laptops
- Tablets
- Phones
- Modems
- Firewalls
- Routers
- Switches
- Electronic Locks
- Product
- Vendor
- Warranty
- Acquisition Date
- Serial Number
- Cost
- State
- Device
- Virtual
- Clusters
- Databases
- VMs
- Physical
- Websites
- Services
- Functions
- Containers
- Daemons
- Jobs
- Pipelines
- Object Stores
- Repositories
- Archives
- Payloads
- Libraries
- Documents
- Records
- License
- Contract
- Processes
- Flows
- Source
- Destination
- Content
- Stores
- Terminator
- Sensitivity (Sensitive, Confidential, Private, Proprietary, Public)
- Criticality
- Business value
- Ownership
- Assignment
- Location
- Department
- Used by
- Managed by group
- Managed by
- Depends on (Used by)
- Uses (Used by)
- Sends data to (Receives data from)
- Runs (Runs on)
- Connected to (Connected to)
- Impacts (Impacted by)
- Submits (Submitted by)
- Supports (Supported by)
- Hosted on (Hosts)
- Enables (Enabled by)
- Located in (Contains)
- Exchanges data with (Exchanges data with)
- Managed by (Manages)
- Owns (Owned by)
- Virtualized by (Virtualizes)
- Backed up by (Backs up)
- Consists of (Is part of)
- Attached to (Attached to)
- Scenarios
- Threat
- Action
- Impact
- Forecast
- Scenario
- Timeframe
- Forecasters
- Probability
- Certainty
- Response
- Evidence
- Containment
- Prevention
- Elimination
- Policies
- Status (Considered, Planned, Implemented, Monitored)
- Statements
- Principals
- Actions
- Resources
- Conditions
- Attributes
- Provenance
- Procedures
- Standards
- Baselines
- Guidelines
- 💰 Business Projects
  - internal security consulting
- 🔁 Security Operations (Changes)
  - all ongoing, consistent, repeatable efforts
- 🛠 Security Engineering (Internal IT projects)
  - investments in the security organization itself
- 🚒 Incidents & Unplanned
  - surprises, last-minute tasks, incidents, or failure of imagination and planning