Industrial Control System (ICS) Asset Management
The starting point of the whole ICS Security Assurance
The ICS Asset Management is consist of four (4) segments of activities as integrated unit. These 4 activities will give the final output called Asset Inventory Management documentation (including some gap findings against the documented list & practice vs. the real condition of the assessed asset
- Knowing the assets, assessing the assets, mapping it into proper criticality level of asset as the master for the all asset management in the further activities
- Ensuring the critical assets are having initial recommended protection and treatment is one of the main goal of this activitity. As it is important also to ensure the validity of each listed assets into its location, responsible party, and several binded entities related to asset management
- Criticality management will correlate densely with critical procedure, critical spare parts, backup and restore maangement, testing of the system, update and upgrade and obsolescence management that should be aligned with business strategy as long as safety and security concerns are the main reasons
- Change management process is the method to always record any changes against the system (ICS environment) that correlated to the other asset management portion such as asset criticality management as it will ensure the practice as per governed is conveyed, executed and practiced adhering to the standard
The Asset Management Documentation will be the final graad output from the ICS Security Asset Management process. This document will contain the updated, verified and validated Asset Inventory Database regarding assessed ICS environment object. It will also included with the account management and gap findings between listed inventories against the actual condition.