7 River Systems

Cyber Security and Resilience

  • Home
  • About
  • Services
  • Articles
  • Contact
    • Work With Us
You are here: Home / Business & Technology / How to Use an Asset Inventory to Protect Your Systems

How to Use an Asset Inventory to Protect Your Systems

Posted on 02/02/2017 Leave a Comment

Taking the first steps to secure your business is always difficult – especially if you’re starting from scratch. At 7 River Systems, we maintain that one of the best ways to immediately improve your security is to understand your information assets – that is, your systems, networks, and data. These information assets are the cyber equivalent of the achilles heel, and they are compromised, your entire business can potentially come crumbling down. By knowing more about your information assets, you have the home field advantage – and the ability to better protect your IT infrastructure. In this blog post, we’ll explain how to build an asset inventory and how it can help you maintain your own or your organization’s security posture.

Building an Asset Register

An asset register is a detailed accounting of all of your information assets. Let’s clarify what qualifies as an information asset:

  • Hardware – desktops, laptops, servers, mobile devices (phones/tablets), routers, firewalls, etc. – if it’s a piece of information technology equipment, it probably belongs in this category.
  • Software – any software or apps (free or paid) being used on any of your systems.
  • Data – the key information that your organization stores and processes. It may include information that is on paper or in digital form. It could be stored in files or in a database/repository.
  • Services – it’s very popular for individuals and organizations to use online or outsourced services as part of their IT setup. This might include e-mail (e.g. Google, Outlook 365), accounting (e.g. QuickBooks Online), hosting infrastructure (e.g., GoDaddy, Amazon Web Services, Microsoft Azure), Customer Relationship Management (CRM) (e.g. Salesforce) and much more. Even though these services are often managed by someone else, it is important to account for them as part of your asset inventory, since they are also part of your own information environment.
  • Non-IT Infrastructure – the assets that are not part of your information environment, but underpin it. Examples include electricity, heating/cooling, and physical security such as an alarm system. If one of these systems fails, it could place jeopardize the security or reliability of your information assets.
  • People – your people are some of your most valuable information assets, especially if you’re working in an industry that requires specialized expertise. Your people know your business, trade secrets, customers, and a whole lot of intangibles that aren’t necessarily written down.

Now that you know what qualifies as an asset, let’s build a template that we can fill in. We’ve provided a very simple example below, but feel free to add to it according to your business, security and organizational needs.

 

Asset ID Name of Asset Description of Asset Type (Hardware, Software, Data, etc.) Location Does it Contain Personal Data? Does it Contain User Data? Does it Contain Sensitive Data? Asset Owner Asset Custodian
1 Paul’s Laptop Macbook Air
Serial No. 12345
Hardware Mobile Device Yes No Yes Paul P. Paul P.
2 Company Laptop Dell Poweredge Server
Serial No. 23456
Hardware Server closet at Company HQ, 123 Main St Yes Yes Yes Paul P. Bob A.
…

In your register, you’ll want to specify the name of each asset, a description (including model, service tag, serial number, or activation key if applicable), the type, location, and what kind of data it contains. You’ll also want to specify an asset owner and an asset custodian.

  • Asset Owners are responsible for the overall information asset, as well as supplying/updating information for the asset inventory, determining if any information on the asset is sensitive, ensuring that sensitive data is protected, sponsoring regular audits, and determining who should have access to the asset.
  • Asset Custodians are responsible for safeguarding information on the asset, implementing access control systems, maintaining backups, and other tasks required to implement, operate, and maintain security measures defined by asset owners.

In a large organization, asset owners might be heads of departments or business units, with asset custodian roles assigned to IT and security personnel. In smaller organizations, asset owners are typically the business owner or manager, with asset custodians as the IT point-of-contact.

As you build your register, you’ll want to interview asset owners and asset custodians throughout your business and list as many assets as possible. Try to be as detailed as possible; it’s easier to remove items from the list later than to have gaps, which might mean overlooking a critical security gap.

Using the Asset Register

Once you have an asset register, you can use it in many different ways, just a few of which include:

  • Keeping track of inventory to ensure that assets are used on a regular basis, and are secured from physical theft
  • Seeing where your sensitive data is, and taking steps to secure it, if you haven’t already
  • Subscribing to vulnerability alerts for your hardware/software/services so that you can quickly take countermeasures in the event of a problem
  • Holding your asset owners accountable for maintenance and security of critical assets

Cyber- and information-security isn’t always a cumbersome, expensive, high-tech process. Sometimes it just means knowing what you have, where it is, who is responsible for it, and if it should be protected. After that, it’s much easier to take the next steps to ensure that your data is secure.

Need help crafting, planning and filling in your Asset Register? Do you want guidance on next steps for securing your information assets? Do you think you have everything in hand, but just need to ask a few questions? 7 River Systems can help you, no matter where you are located – contact us today to keep moving forward with your security project.

Filed Under: Business & Technology, Security Issues

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Let’s Get Started!

Need help with your project?
Have an emergency and need us right away?
Contact us today and we'll get right back to you.

Get in Touch

Copyright © 2019 · 7 River Systems, LLC