In order for SENTINEL to be able to offer relevant recommendations and policy, it needs to know information pertaining to the cyber assets of your organisation.
For example, an organisation which does not "own" its cyber assets (i.e. does not have direct acces to affect their setup and cybersecurity configuration, as in a SaaS offering, e.g. a Cloud CRM) cannot be recommended specific cyber configurations for the Cloud, only best practices to every day cybersecurity.
However, it's also necessary to circumvent the need to provide detail of each and every asset, a process which would be time-consuming and difficult to evaluate. Therefore, SENTINEL "generalises" this required information in a simple, quick and straightforward way.
During the organisation profiling phase, this is achieved by answering two high-level questions:
a) about the ownership of your assets and
b) about the deployment modality (locality) of your assets.
Both of these generic asset profile information will be taken into account when SENTINEL tailors its policy recommendations and measures to your organisation. Of course, the assumption is that such asset setups are mostly applicable horizontally to the entirety of your organisation. This may not always apply but please select the setup that best matches your individual setup.
The two generic asset profiling questions can be further explained as follows:
Assets ownership: This question addresses whether you own your assets (i.e. can setup and configure them at will) or depend on a third party to do so for you. You should select 'Not owned' if you do not manage, configure or deploy your own cyber assets (such as servers, networking devices, business workstations or on-premises business software). An example of an organisation in the 'Not owned' model is an organisation which depends 100% on third-party managed cyber assets such as SaaS licesnes (e.g. Cloud business email and/or a Cloud CRM or ERP). In all other cases, select 'Owned'.
Assets deployment model (locality): This question addresses whether your cyber assets reside in your own premises (i.e. you have physical access to them; for example an on-premises server or operating system) or in a third party, as is the case with the Cloud (for example, a Cloud VM, a storage service, or a SaaS app). An example of a hybrid setup would be running public cloud management (e.g. virtualisation) software on top of private and on-premises infrastructure with the capability to move data and/or workloads between the public and private cloud.
A third question asked is about the cyber expertise level. Here you should attempt to grade the technical expertise level of the people in your organisation handling cybersecurity and personal data protection.