Why are asset registers so hard?

NSP Marketing

26 April 2019

3 min

Read

Ever felt that moment of pain when Step 1 of your security framework advises you must identify all assets? It’s no surprise to us that without a clear understanding of our assets, there is little chance we can apply effective protection and monitoring to said assets, let alone be able to define which assets require extra protection and redundancy due to their critical nature.

The great avoidance tactic

When faced with the lack of an asset register, the monumental task of starting from scratch can overwhelm, causing us to avoid the issue and instead busy ourselves with the never ending list of more achievable tasks. If we’re unlucky, an auditor may highlight the issue in a report to management, but perhaps we can dazzle with other security solutions to make up for this oversight.

Break it down

Rather than caving to feelings of overwhelming panic, try to break the task down.

Step One: Identify just the critical in a register and note

* name

* owner

* location

* version

* criticality

Step Two: Identify the assets that support the above ‘critical’ assets. Note that automated network scanning tools often provide too much information, so sometimes the slow and steady approach is best.

Visibility

With an asset register in place, you will now have a clearer view of

* upcoming vulnerability and patch management

* monitoring needs

* disposal requirements as assets reach end of life

* change and configuration management

* access management

* threat and risk assessments

The last word

An asset register is always must for any good security program.

Let’s stay in touch!

Enter your details below to stay up-to-date with the latest IT solutions and security measures.