This lack of contextual information makes it impossible to effectively prioritize cyber events or assess the impact of attacks. Because organizations do not have accurate mappings between mission tasks and the network assets on which they depend, decision makers cannot accurately assess mission readiness of their network assets or interpret operational impact of network failures or cyber attacks. Security analysts cannot report operational impact of cyber incidents or defensive countermeasures. Managers are unable to accurately assess mission or business risks associated with cyber incidents, or identify cascading operational effects from the degradation or loss of cyber assets.
A current and accurately map of the dependencies between mission tasks, information needed to perform those tasks, and the cyber assets that provide and communicate that information.