Need for more IT Asset Management in the security domain


Need for IT Asset Management

The effective management of IT assets (including hardware, software, peripherals such as USB drives, and cloud assets) is recognised as key to ensuring the confidentiality, integrity and availability of information assets. This is reflected in the inclusion of asset management as a key control in ISO27001.

To effectively manage, utilize, and secure assets that store or process information and data, it is necessary to know their locations and functions, as well as attributes such as version, patch status and owner, so that IT security professionals can assess threat levels and vulnerabilities.

IT security professionals are challenged by the vast variety of hardware, software and cloud services they must track, and by a lack of asset-focused governance.

This complexity makes it difficult to assess vulnerabilities or to respond quickly to threats, and to correctly assess information security risks in the first place.

Solving the problem

The ISO19770 family of standards was developed to provide a framework for the management of IT assets across an organisation that can be utilised by IT security professionals to understand and meet these challenges. ITAMOrg IT Asset Management certification is fully aligned to ISO19770 and provides professionals and organizations with best-practice knowledge on how to enable and execute IT Asset Management to:

  • achieve alignment and integration between information security, IT Service Management and IT Asset Management, e.g. optimize control through the development of a Configuration Management System (CMS) supported by effective Incident Management, Request Fulfillment and Change Management
  • ensure faster response times to security signals by exposing the location, configuration, and owner of a device
  • improve audit performance, with a reduction in, or the elimination of, adverse asset management findings
  • increase cybersecurity resilience: you can focus your attention on the most vulnerable assets
  • support the provision of comprehensive system information to auditors
  • calculate how many software licenses are consumed and ensure they have been paid for
  • assure that required support & maintenance is in place to enable a comprehensive response to security incidents and ensure the latest updates are available for critical hardware and software
  • optimize the internal use of software and licenses by identifying the actual operational application of licenses
  • reduce service desk response times: staff will know what is installed and the latest pertinent errors and alerts
  • reduce the attack surface of each device by ensuring that software is accurately patched

Related publications

Foundations of Information Security Based on ISO27001 and ISO27002 – 3rd revised edition

IT Asset Management Foundation (ITAMF) – Workbook – Second edition

 
