The management of asset inventories is not linked to data governance or business impact assessment activities (ASSET-1a, PRIVACY-AP1)
Context and Guidance: Asset inventories are used as a source of truth to support other business activities. If your organisation has not established asset inventories (i.e., ASSET-1a is "No"), this Anti-Pattern is "Present".
The management of your asset inventories should be linked to data governance or business impact assessment (BIA) activities, to provide confidence that the inventories contain accurate and complete information.
Data governance ensures that your organisation knows what types of data it holds / processes, so that the risk associated with holding / processing that data can be appropriately managed.
BIAs support you in determining which assets the organisation considers to be critical and/or sensitive.
Knowing the types of data your organisation has, how important it is, and where it is stored, is critical to understanding how a threat actor may target your organisation to achieve a threat objective.
PRIVACY-AP1 must be "Not Present" for this Anti-Pattern to be "Not Present".