Asset inventories are necessary to ensure organizations know what assets are being used within their environment.

These inventories also need to identify who is responsible for managing the identified assets. Asset inventory is the focus of pitfall #22 in my eBook, Security Program Pitfalls and Prescription to Avoid Them.

Assets cannot be protected from existing or emerging threats if the personnel responsible for their protection are not aware that the assets exist within the environment. Asset inventories are also an important tool to help organizations track capital investments while reducing the likelihood of hardware theft going unrecognized.

Your organization should ensure that all information assets are clearly identified, documented, and maintained in an asset inventory. Active and passive discovery tools should be used on a regular basis to maintain and update the asset inventory. Your organization’s asset inventory should include the following:

  • Hardware Assets
  • Software Assets
  • Sensitive Information
  • Network Diagrams
  • Storage Media

All information assets should be owned by a designated role within the organization. The inventory should be documented with the granularity deemed necessary for the tracking and reporting of assets and should be reviewed at least annually. Appropriate updates should be made during each review.

The asset inventory should be updated as an integral part of system component installations, removals, and system updates. The inventory should include all the relevant information necessary to recover from a disaster. This includes the type or classification of the asset along with the format, physical location, backup information, license information, and the importance or criticality (business value) of the asset.

To learn more about this pitfall, and 99 more, get my book: 100 Security Program Pitfalls and Prescriptions to Avoid Them (available on Amazon here). Or register for a demo of the ASECENT Security and Compliance Portal and get a free synopsis of the 100 Security Program Pitfalls eBook today.