Working with Assets
Managing your organization’s assets can be a difficult task, as almost anything associated with a company could be considered an asset. Every employee, computer and cell phone is an asset, and these assets all have significant associated risks that could potentially jeopardize your cybersecurity or physical security standing. Hackers, thieves and other bad actors are always looking for vulnerabilities to exploit, and poor asset management is typically the root cause of vulnerabilities.
ControlMap’s Assets functionality is designed to make managing your assets as seamless as possible.
Creating a New Asset Type
There are several preloaded asset types in ControlMap that are common across organizations (such as Laptops, Customer Data and Servers). If you’d like to create an asset that isn’t one of our defaults:
Select the Actions dropdown menu on the upper right corner of the screen.
Click + Asset Type.
Fill in the name of your Asset Type in the Name field and click the Create button.
The new asset should now be listed among the existing asset types.
Adding Assets to Asset Types
There are often individual assets associated with asset types, and you can detail these assets within ControlMap by following these steps:
Select the Asset Type from the Assets menu.
Click the Add (Name of Asset) button on the right side of the Assets tab.
Fill the Asset Name, Description and Employee Owner fields before selecting the Save button.
The created asset should now be visible under the Assets tab.
Once you’ve created an individual asset, you can review any potential vulnerabilities or risks associated with it. You can also utilize our CIA (Confidentiality, Integrity and Availability) Matrix, which is an industry standard model to assess information security systems.
Click on the hyperlinked title of your created asset in the Assets tab, which should redirect you to the CIA Matrix tab.
You can assign scores of Low, Medium or High for the 4 categories in the CIA Matrix. If you need more information on how to score these values, click the icon to the right of the titles. Save your selections by clicking the Save button below the Overall Asset Value.
Threats: Select the Threats tab to the right of the CIA Matrix tab to link potential threats to the asset. There should be a few inherited threats linked to the asset from the Asset Type it’s associated with, but you can link additional threats to the asset by searching for them in the Search & link threats field.
Vulnerability: Select the Vulnerability tab to the right of the Threats tab to link potential vulnerabilities to the asset. You can search for vulnerabilities and link them via the Search & link vulnerabilities field.
Risks: Select the Risks tab to the right of the Vulnerability tab to add potential risks associated with the asset and view inherited risks from the asset type. Click the + Add Risk button and fill in the necessary information to add the risk to the asset.
Risk Assessments for Asset Types
Our preloaded Asset Types are associated with a number of common threats and vulnerabilities. In our system, you can add and link organization-specific risks to these threats to ensure all threats, vulnerabilities and risks are accounted for.
Select the Asset Type from the Assets tab.
Click the Risk Assessment tab to view the current threats and vulnerabilities that correspond with the asset type.
Select the hyperlinked threat to view the related risks, and select + Add Risk to create a new risk.
Fill out the required fields in the sidebar and select Create Risk to finish the process.
If you have any questions that aren't covered in this article, please contact email@example.com for additional assistance.