Critical Systems and Components – CompTIA Security+ SY0-401: 2.8

What are the critical systems in your organization? In this video, you’ll learn how to identify tangible and intangible assets and learn strategies for identifying critical business systems.

<< Previous Video: Business Impact AnalysisNext: Redundancy and Single Points of Failure >>

There are many types of assets within our organization. One of the more obvious ones is probably the people. These are the employees themselves, perhaps the visitors you have coming into your building, or suppliers that you have working with you at your facility. There are also tangible assets. These are assets that we can physically touch. So all of the books that are on a shelf, all of your computer equipment, all of your furniture, anything that might be a paper document, those are the things that we would consider tangible assets.

Intangible assets are the exact opposite. They’re assets your company has, but you can’t actually touch them. For instance, the branding of your organization is clearly something you can’t touch, but it is a very important asset for your organization. Another important consideration are the processes and procedures that you have in place that keep your company going. So things like standard operating procedures, or supply chains are processes and procedures that are extremely important to keeping your business running.

It’s important to be able to identify what these critical systems might be. We use these during continuity planning to figure out what we need to protect as part of the plan. So the first step would be to make a list of all your critical systems. This could be a very involved process, especially if you have many different systems and many different processes inside of your organization.

You’re then going to want to list out your business processes. These might be things like accounting’s that you get paid every two weeks. Maybe it is a manufacturing process that you have in your organization. But all of these very important business processes need to be documented. That’s because we’re now going to take all of those business processes and try to determine what tangible and intangible assets are associated with each individual business process.

This is an extremely complex process and usually you might even bring in third parties to help you make these determinations, because you’re accounting system may touch particular servers, there’s certain data associated with those, there’s third parties you might go to to help with accounting and payroll, there might be a printing process and a printer. And just those individual systems have to be considered if you need to have some type of plan should anything happen to the accounting systems. Although this process is relatively complex and it may take a lot of time to be able to determine what business processes are associated with which assets, it’s going to allow you to create a very valuable continuity plan should anything happen to your organization.