It’s impossible to protect everything in your environment if you don’t know what’s there. All system components and their dependencies need to be identified. This isn’t a mere inventory listing. Adding the dependencies and trust rela- tionships is where the effort pays off.

This information is useful in many ways

• If Server A is compromised incident responders can quickly assess what other components may have been affected by reviewing its trust relationships
• Having a clear depiction of component dependencies eases the re-architecture process allowing for faster, more efficient upgrades
• Creating a physical map in accordance with data flow and trust relationships ensures that components are not forgotten
• Categorizing system functions eases the enclaving process

Don’t know where to start? It’s usually easiest to map one business process at a time. This enables everyone to better understand the current environment and data operations. Once the maps are completed they must be updated peri- odically to reflect changes in the environment.

Click here to see an example of a Data Flow Map. The more you know, the better prepared you can be!