Application of asset management in managing cyber security of complex systems

Society is increasingly dependent on the safe and secure operation of a wide range of complex physical-cyber systems. The consequences of failure of these systems can be very serious, particularly where they form part of a nation´s critical national infrastructure. There has been a trend to make greater use of commercial-off-the-shelf technology in the design of these systems, which exposes them to software and hardware vulnerabilities found in many consumer and enterprise systems. There is international recognition that a set of twenty critical security controls can provide significant protection for enterprise IT systems. Asset management is required for effective implementation of seven of these controls. This paper examines how an asset management can contribute to physical-cyber security. The use of asset management systems to support cyber security is novel. It requires additional information to be held regarding the nature, configuration and vulnerabilities of the hardware and software assets and thus supports situational awareness and threat assessment for new vulnerabilities.