Asset management

Know what data and systems you manage, and what business need they support

What are assets?

Assets can be thought of as, anything that can be used to produce value for your organisation.

This includes information, such as intellectual property or customer data. It encompasses many types of technology too, both Informational Technology (IT) and Operational Technology (OT), hardware and software, physical locations and financial capital. And, of course, it includes people, their knowledge and skills.

From an information security perspective, we are primarily interested in two types of asset:

  1. assets that must be configured or managed to achieve security outcomes.

  2. assets that may be impacted as a result of a cyber incident.

What are the benefits of asset management?

Ability to identify what technology and information is in your organisation

Understand what is most important to deliver your organisation’s objectives, and to assess the impact if that technology or information becomes compromised in some way.

Ability to identify and assess vulnerabilities that may present a risk to your organisation

Throughout the lifetime of your systems, reducing the likelihood of a unknown system that has not been properly maintained being exploited and causing an incident.

Ability to apply and maintain proportionate security controls

By having an up-to-date understanding of your assets.

Ability to plan future technology cycles

To reduce the risk of legacy or unmanaged systems, as you can plan to replace these before they becomes a security risk.

What should you do?

  • integrate asset management into your organisation

  • understand your critical services and functions and identify the associated data and technology dependencies so you can prioritise these

  • improve and validate your knowledge

  • only keep what you really need

Related links