Prioritisation criteria include consideration of the degree to which an asset within the function may be leveraged to achieve a threat objective
Context and Guidance: The possibility of an asset being leveraged to achieve a threat objective is added to the criteria for prioritising IT and OT assets. It is important to consider that a threat actor may have multiple objectives and that those objectives may change over time or in different situations. Including additional criteria beyond those that are used for assets that are important to the delivery of the function will enable a more comprehensive prioritisation of the risks to, and impacts associated with, IT and OT assets.
Related Practices • Input From: Implementing ASSET-1b provides input that may be useful for implementing this practice. • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: ASSET-1c, ASSET-1d.