The CyberCast

Control 1 & 2: Inventory Control of Enterprise Hardware & Software Assets - Sponsored by CyberCNS

Andrew Morgan

Abstract: There is a cybersecurity saying; “you can’t protect what you don’t know about.”  Without visibility into your information assets, their value, where they live, how they relate to each other and who has access to them, any strategy for protection would be inherently incomplete and ineffective.
Note sponsors are at the end at minute 28:30

The Why might an MSP want to listen?  Most MSPs only capture 50% of the assets on a client's network.

Min 2:30 - 8:46 (Ryan Weeks, CISO of Datto discusses)

  • Importance of asset management.
  • What defines an asset.
  • What defines good asset management.
  • What are common assets missed in an MSPs inventory.

Min 8:47 - 16:06  (Wes Spencer, CISO of Perch Security)

  • The repercussions of poor asset management.
  • Importance of Asset Management, as it pertains to Incident Response.
  • How asset management help with IR plans & Tabletops.

Min 16:08 - 23:05 (Brian Blakely, Fractional CISO of Cosant Cybersecurity)

  • What your policy statement should include.
  • Learn the importance of Data Flow Diagrams (DFDs).
  • Control objectives and standards MSPs need to consider.
  • Asset considerations on the Right & Left side of "Boom".

Min 23:06 - 28:30 (Phyllis Lee, Sr. Director of Controls for CIS)

  • Why CIS and most frameworks start with asset management.
  • The progression of sub-controls as an organization moves from IG1 - IG3 in CIS.
  • What actionable steps should MSPs take to successfully implement Control 1 & 2.

Sponsors:
Center for Internet Security
Phyllis Lee (28:30 - 30:58)
CSAT Pro - learn more here: https://www.cisecurity.org/cybersecurity-tools/cis-cat-pro/

Netalytics Security:
Shiva Shankar (31:00 - 38:50)
CyberCNS: https://www.cybercns.com/