Asset Catalog
This catalog lists the primary assets identified within the Scheol Lab environment. Each asset is evaluated based on confidentiality, integrity and availability requirements and assigned to a responsible role. Detailed descriptions of each asset are documented in dedicated asset pages.
Owner roles:
- Sec: Security Role - responsible for hardening, monitoring, risk & compliance simulation.
- Ops: Operations - deployment, patching, backups.
- Dev: Development - CI/CD, code management, orchestration.
Status legend:
- Deployed: fully implemented, controls applied.
- In Progress: partially deployed, some controls active.
- Planned: roadmap, future deployment.
Exposure: Exposure indicates the level of accessibility of the asset. For infrastructure assets it reflects network exposure (e.g. internal, perimeter, internet-facing). For information assets it reflects data access restrictions (e.g. internal, restricted).
Criticality Score: Criticality reflects the potential impact of a compromise or service disruption on the lab environment.
Business Assets
| Asset ID | Asset Name | Description | Owner | Status |
|---|---|---|---|---|
| BUS-ACC-01 | Secure Remote Access | Controlled administrative access to infrastructure through a bastion and identity management system. | Sec | 🚧 Planned |
| BUS-IDM-01 | Identity & Access Management | Centralized authentication and identity lifecycle management. | Sec | 🚧 Planned |
| BUS-MON-01 | Security Monitoring & Detection | Collection and analysis of logs and security events to detect malicious activity. | Sec | 🚧 Planned |
| BUS-AUT-01 | Infrastructure Automation | Automated deployment and configuration management of infrastructure components. | Dev | 🚧 Planned |
| BUS-DOC-01 | Governance & Documentation | Documentation of infrastructure, governance processes, and security procedures. | Dev | ⏳ In Progress |
Infrastructure Assets
| Asset ID | Asset Name | Asset Category | Criticality Score | Exposure | Owner | Location | Status |
|---|---|---|---|---|---|---|---|
| INF-PRX-01 | Proxmox Host | Virtualization Platform | 🟥 High | Internal | Ops | On-Premise | ✔️ Deployed |
| INF-OPN-01 | OPNsense Firewall | Network Security | 🟥 High | Perimeter | Sec | Proxmox VM | ⏳ In Progress |
| INF-INF-01 | Infrastructure | Core Infrastructure (Aggregate) | 🟥 High | Internal | Ops | Scheol Lab | ⏳ In Progress |
| INF-VPS-01 | Public VPS | Web Hosting | 🟥 High | Internet-facing | Ops | Web Hosting Service | ⏳ In Progress |
| INF-DOC-01 | Documentation Server | Web Hosting | 🟥 High | Internet-facing | Dev | Public VPS | ⏳ In Progress |
| INF-BCK-01 | Backup Storage | Data Protection | 🟥 High | Internal | Ops | On-Premise / Proxmox VM | 🚧 Planned |
Infrastructure asset (INF-INF-01): this aggregate asset represents the overall lab infrastructure and is used for risks that affect multiple infrastructure components simultaneously.
Security & Service Platforms
| Asset ID | Asset Name | Asset Category | Criticality Score | Exposure | Owner | Location | Status |
|---|---|---|---|---|---|---|---|
| PLT-VIR-01 | Proxmox Virtualization Platform | Virtualization Platform | 🟥 High | Internal | Ops | Internal infrastructure | ⏳ In Progress |
| PLT-BST-01 | Teleport Access Platform | Remote Access / Bastion | 🟥 High | Restricted | Sec | Proxmox VM | 🚧 Planned |
| PLT-SIEM-01 | Logging & Monitoring Platform | Security Monitoring | 🟥 High | Internal | Sec | Proxmox VM / CT | 🚧 Planned |
| PLT-AUT-01 | Automation Platform | Orchestration / CI-CD | 🟨 Medium | Internal | Dev | Proxmox VM / CT | 🚧 Planned |
| PLT-IMP-01 | Identity Management Platform | Identity Service | 🟥 High | Internal | Sec | Proxmox VM | 🚧 Planned |
| PLT-DOC-01 | Documentation Platform | Knowledge Management | 🟥 High | Internet-facing | Dev | Public VPS | ⏳ In Progress |
| PLT-NET-01 | Network Security Platform | Network Security | 🟥 High | Internet-facing | Sec | Public VPS | ✔️ Deployed |
| PLT-EXT-01 | Public Infrastructure Platform | External Infrastructure | 🟥 High | Internet-facing | Ops | Public VPS | ✔️ Deployed |
Information Assets
| Asset ID | Asset Name | Asset Category | Criticality Score | Exposure | Owner | Authoritative Source | Status |
|---|---|---|---|---|---|---|---|
| DAT-CFG-01 | Infrastructure Configuration Data | Infrastructure Configuration | 🟥 High | Restricted | Dev | Configuration Repositories | ⏳ In Progress |
| DAT-CDT-01 | Secrets & Credentials | Authentication Data | 🟥 High | Restricted | Sec | Secure Secrets Storage / Vault | ⏳ In Progress |
| DAT-BCK-01 | Backups | Data Backups | 🟥 High | Restricted | Ops | Backup Storage | 🚧 Planned |
| DAT-LOG-01 | Log Data | Security Monitoring | 🟥 High | Internal | Sec | Logging & Monitoring Platform | 🚧 Planned |
| DAT-PPI-01 | Identity & Access Data | Identity Management | 🟥 High | Restricted | Sec | Identity Management Platform (LDAP Directory) | 🚧 Planned |
| DAT-DOC-01 | Security Documentation | Governance & Technical Documentation | 🟥 High | Restricted | Dev | Documentation Platform | ⏳ In Progress |
| DAT-AUT-01 | Automation Playbooks | Infrastructure Automation | 🟥 High | Restricted | Dev | Internal repositories (Git / CI/CD) | ⏳ In Progress |
| DAT-RES-01 | Research Notes | Knowledge Asset | 🟨 Medium | Internal | Dev | Internal Documentation Repositories | 🚧 Planned |
Notes
- Criticality Score is derived from the highest impact among C, I, and A.
- This catalog is living and will be updated as assets are deployed, hardened, or retired.
- For assets with multiple components (e.g., Logging hosts: Wazuh, Prometheus, Grafana), creating sub-pages for detailed configuration is being considered; these would then be linked in the sidebar.
Methodological References:
- ISO 27001 - Control 5.9 Inventory of information and other associated assets; Control 5.10 Acceptable use of information and other associated assets.
- NIST CSF - ID.AM Asset Management.
- GDPR - Definition and protection of personal data.
- EBIOS RM - Asset identification as an early step of the risk analysis process.