Geek risk management

An asset provides value to user or company and has a relative worth.

Assets are people, physical assets (computers, network equipment), and IT assets (HW, SW, data). An asset’s relative worth is determined through its positive economic value and can have different values based on criticality to the organization.

Asset – in this case Joe Dork’s 1990s collection of Star Trek TOS VHS cassettes.
Vulnerability – Unlocked basement door to Dork’s room in parents’ home.
Vector – Going through the unlocked door.
Threat Actor – Beautiful cosplay girl.
Threat – Theft of tapes.
Risk – Stolen VHS.

Not only are your direct assets something to catalog, but you should also assess your supply chain assets, in all steps from supplier to consumer. Vendors should be cataloging their assets and the threats to it. The SolarWinds hack came from a supply chain vulnerability.

There’s zero chance that Dork’s VHS assets will be stolen by any cosplay girl, but you must perform a continuing asset inventory before any exploitation of vulnerabilities takes place.

Leave a Reply

Your email address will not be published. Required fields are marked *