Assets

Last updated 9 months ago

Overview

The Assets feature allows you to inventory and valuate your organization's critical resources. These assets are associated with a specific risk profile and can be referenced during crisis cell management, enabling accurate impact assessment.

Key Features

Asset Types

PanicSafe currently supports manual assets that are directly declared by users. In future versions, automatic assets will be available, automatically derived from the domain name provided in the associated risk profile using OSINT techniques.

Relationship with Risk Profiles

Each asset is mandatory linked to an existing risk profile. This association allows:

  • Organization of assets by entity

  • Calculation of the monetary value of assets based on the declared annual revenue

  • Integration of assets into the organization's overall risk analysis

Creating an Asset

Procedure

  1. Access the Assets section in the menu

  2. Select the risk profile to which the asset will be associated

  3. Click the New button

  4. Fill out the asset creation form

Required Information

For each asset, you will need to provide:

  • Type: Category of the asset. Available options:

    • Domain

    • IP

    • URL

    • Email

    • Identifier

    • Software

    • Hardware

    • Location

    • Country

    • Person

    • Organization

    • PhysicalObject

    • VirtualObject

    • BusinessUnit

  • Value: Specific identifier of the asset (hostname, IP address, application name, etc.)

  • Comment: Additional information useful for contextualizing the asset

  • Percentage of annual revenue: Portion of revenue this asset represents in case of loss or unavailability

Asset Valuation

The percentage of annual revenue is a key indicator that allows:

  • Quantifying the potential financial impact related to asset compromise

  • Prioritizing security resources based on business value

  • Automatically calculating the monetary value of the asset from the annual revenue declared in the risk profile

  • Estimating losses in case of a security incident involving this asset

Calculation Example

If your annual revenue is $10,000,000 and you attribute 5% to a critical production server, PanicSafe will value this asset at $500,000. This value will be used in impact estimations during an incident.

Usage in Crisis Cells

Declared assets can be directly referenced in crisis cells, which allows:

  • Quickly identifying resources affected by an incident

  • Accurately assessing the financial impact of an attack

  • Prioritizing remediation actions based on business value

  • Documenting impacts for post-incident analysis and insurance claims

Best Practices

For effective asset management:

  • First identify the most critical assets for your business

  • Be precise in defining the revenue percentage to reflect actual importance

  • Use comments to add information about dependencies between assets

  • Regularly update the inventory to reflect changes in your environment

For asset valuation:

  • Consult business teams to correctly estimate financial impact

  • Avoid overlap of percentages between interdependent assets

  • Consider indirect impacts such as reputation loss or regulatory sanctions

  • Align values with your cyber insurance policies if applicable

Future Developments

In upcoming versions of PanicSafe, the Assets feature will be enhanced with:

  • Automatic discovery of Internet-exposed assets via domain name

  • Dependency mapping between assets

  • Integration with external tools for inventory and asset management

  • Automatic risk assessment by asset