The International Organization for Standardization (ISO) promotes the use and integration of management systems as a way to improve organizational performance. ISO’s development of multiple management system standards that build on a common Harmonized Level Structure (HLS) fosters this (see ISO Management System Standards for more information). ISO even publishes a handbook on the Integrated Use of Management System Standards to demystify the integration of multiple management systems into a single enterprise solution. In today’s workplace, integrating management systems requires vast information technologies that introduce cybersecurity vulnerabilities.
This AMF Journal entry covers the integration of two ISO management systems with cybersecurity guidance published by the US National Institute of Standards and Technology (NIST). Specifically, these sources are:
ISO 55001 – Asset Management Systems
ISO 27001 – Information Security Management Systems
NIST Cybersecurity Framework (CSF) 2.0
Integration of cybersecurity with the organization’s Asset Management System (AMS) generates obvious benefits. As AMSs become ever more digitized, the organization is exposed to additional cybersecurity vulnerabilities. An AMS is intended to generate value for an organization from and through assets. Cybersecurity vulnerabilities related to these assets and their supporting activities are a risk to value realization.
A dominant source on how to identify and manage cybersecurity vulnerabilities is the NIST Cybersecurity Framework (CSF) 2.0. This framework gives organizations a structure for organizing their approach to cybersecurity. The CSF 2.0 core functions and structure are shown below:
A detailed description of this core structure is provided in the CSF 2.0 (linked above). This AMF Journal entry highlights how ISO 55001, ISO 27001, and CSF 2.0 can be integrated to promote a safe, cyber-aware, and cybersecurity-capable AMS. The outcome of this effort is a pathway to extend the integration of cybersecurity solutions and capabilities with the activities that manage assets.