NSP Marketing
26 April 2019
3 min
ReadEver felt that moment of pain when Step 1 of your security framework advises you must identify all assets? It’s no surprise to us that without a clear understanding of our assets, there is little chance we can apply effective protection and monitoring to said assets, let alone be able to define which assets require extra protection and redundancy due to their critical nature.
The great avoidance tactic
When faced with the lack of an asset register, the monumental task of starting from scratch can overwhelm, causing us to avoid the issue and instead busy ourselves with the never ending list of more achievable tasks. If we’re unlucky, an auditor may highlight the issue in a report to management, but perhaps we can dazzle with other security solutions to make up for this oversight.
Break it down
Rather than caving to feelings of overwhelming panic, try to break the task down.
Step One: Identify just the critical in a register and note
* name
* owner
* location
* version
* criticality
Step Two: Identify the assets that support the above ‘critical’ assets. Note that automated network scanning tools often provide too much information, so sometimes the slow and steady approach is best.
Visibility
With an asset register in place, you will now have a clearer view of
* upcoming vulnerability and patch management
* monitoring needs
* disposal requirements as assets reach end of life
* change and configuration management
* access management
* threat and risk assessments
The last word
An asset register is always must for any good security program.
Enter your details below to stay up-to-date with the latest IT solutions and security measures.