Asset Business Context
In cybersecurity, Asset Business Context refers to information that describes an asset's importance to the organization's operations, its role in business processes, and the potential impact if it were compromised. It provides the "why" behind protecting an asset beyond just its technical specifications.
Here's a more detailed explanation:
Business Function: This describes what the asset is used for in the organization. For example, is it a web server that handles e-commerce transactions, a database that stores customer data, or a server that runs the company's email system?
Criticality: This assesses how essential the asset is to the organization's ability to function. A highly critical asset is one whose loss would severely disrupt business operations.
Data Sensitivity: This indicates the level of confidentiality of the data stored, processed, or transmitted by the asset. For example, does it handle personally identifiable information (PII), financial data, or trade secrets?
Regulatory Compliance: This identifies any legal or regulatory requirements for the asset. For example, is it subject to HIPAA, GDPR, or PCI DSS regulations?
Dependencies: This outlines any other systems or assets that rely on the asset to function. Understanding dependencies is crucial for assessing the cascading impact of a security incident.
Ownership: This designates the individual or team responsible for the asset, which is essential for accountability and incident response.
By understanding the Asset Business Context, security professionals can better prioritize their efforts and make more informed decisions about protecting the organization's most valuable resources.
While ThreatNG primarily focuses on external security, it provides valuable information that can be used to infer and support the understanding of Asset Business Context. Here's how:
External Discovery: Identifying Assets
ThreatNG's external discovery process identifies the organization's externally facing assets, providing a basic inventory. Knowing what assets exist is the first step in understanding the Asset Business Context.
For example, ThreatNG discovers web servers, email servers, and cloud services.
External Assessment: Gathering Information to Infer Context
ThreatNG's external assessment modules provide details that help infer aspects of Asset Business Context:
Domain Intelligence: This module includes information about the purpose of domains and subdomains. For instance, a subdomain like "shop.example.com" strongly suggests an e-commerce function.
Technology Stack: ThreatNG identifies the technologies used by web applications. Knowing that a server uses a database like MySQL suggests it might store essential data.
Cloud and SaaS Exposure: Identifying the use of cloud services like Salesforce or Workday reveals the business functions supported by those assets (CRM, HR).
Examples of How ThreatNG Helps Infer Asset Business Context
If ThreatNG discovers a server with an exposed database and identifies the technology stack as an e-commerce platform, it is reasonable to infer that the server is critical for online sales and handles sensitive customer data.
If ThreatNG identifies a subdomain used for a customer support portal, it suggests that the asset is essential for customer service operations.
Reporting: Organizing Information
ThreatNG's reporting capabilities organize the information gathered, making it easier to correlate technical details with potential business functions.
Continuous Monitoring: Tracking Changes
ThreatNG's continuous monitoring helps track changes to external assets, which can indicate changes in their business context.
For example, launching a new web application might signal a new business initiative.
ThreatNG's investigation modules allow for a deeper exploration of asset details.
For example, the Domain Intelligence module can provide more insights into the purpose and function of specific domains and subdomains.
Working with Complementary Solutions
ThreatNG's findings can be combined with data from other systems to build a more complete picture of Asset Business Context.
For example, integrating ThreatNG's data with an internal Configuration Management Database (CMDB) can link external assets with internal systems and business processes.
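The inference and CMDB enrichment described above, sketched as an added Python example (this is not ThreatNG code or its API). The finding fields, hint tables, hostnames and CMDB rows are all constructed assumptions; inferred values are kept distinguishable from CMDB facts so an analyst can see which context still needs confirmation.

```python
from dataclasses import dataclass, field
# Constructed hint tables that mirror the page's examples; not ThreatNG's rules.
SUBDOMAIN_HINTS = {"shop": "e-commerce", "support": "customer support"}
SAAS_HINTS = {"Salesforce": "CRM", "Workday": "HR"}
DATASTORES = {"MySQL"}
RANK = {"high": 0, "medium": 1, "low": 2, "unrated": 3}

@dataclass
class AssetContext:
    host: str
    function: str = "unknown"
    stores_data: bool = False
    owner: str = "unassigned"
    criticality: str = "unrated"
    provenance: dict = field(default_factory=dict)  # field name -> "inferred" or "cmdb"

def build_context(finding: dict, cmdb: dict) -> AssetContext:
    """Infer context from one external finding, then let CMDB facts override."""
    ctx = AssetContext(host=finding["host"])
    label = finding["host"].split(".")[0].lower()
    hints = [SUBDOMAIN_HINTS.get(label)] + [SAAS_HINTS.get(s) for s in finding.get("saas", [])]
    inferred = next((h for h in hints if h), None)
    if inferred:
        ctx.function, ctx.provenance["function"] = inferred, "inferred"
    ctx.stores_data = any(t in DATASTORES for t in finding.get("tech", []))
    record = cmdb.get(finding["host"])
    if record:  # the CMDB is treated as authoritative where it has an entry
        for key in ("function", "owner", "criticality"):
            if key in record:
                setattr(ctx, key, record[key])
                ctx.provenance[key] = "cmdb"
    return ctx

def triage(findings: list, cmdb: dict) -> list:
    """Order by criticality; unrated data stores sort ahead of other unrated assets."""
    contexts = [build_context(f, cmdb) for f in findings]
    return sorted(contexts, key=lambda c: (RANK.get(c.criticality, 3), not c.stores_data, c.host))

# Constructed sample data (hypothetical hosts and CMDB rows).
FINDINGS = [
    {"host": "support.example.com", "tech": ["nginx"]},
    {"host": "shop.example.com", "tech": ["nginx", "MySQL"]},
    {"host": "crm.example.com", "saas": ["Salesforce"]},
    {"host": "test.example.com", "tech": ["MySQL"]},
]
CMDB = {
    "shop.example.com": {"owner": "ecommerce-team", "criticality": "high"},
    "support.example.com": {"function": "customer support portal", "owner": "cx-team", "criticality": "medium"},
}
```

Assets that come back with owner "unassigned" are externally visible but absent from the CMDB, so they are the ones whose business context still has to be established by a person.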
While ThreatNG primarily focuses on external security, it provides valuable information that security professionals can use to infer and understand the Asset Business Context, aiding in risk assessment and prioritization.