When considering optimal cyber-security practices, it’s important for organisations to have a complete understanding of what they are protecting. Having detailed information on every organisational asset is key for being able to properly assess cyber-security needs and potential cyber-risks.
An asset can be defined as anything that produces value for an organisation. This may include intellectual property and customer data. Managing these assets properly can help employers in various aspects of organisational cyber-security. For example, risk management cannot be conducted accurately if the assessment does not include certain cyber-related assets.
When approaching asset management for cyber-security purposes, organisations should consider the following steps:
- Check assets regularly. Continuously assess and account for assets to maintain an accurate inventory and detect potentially unauthorised changes.
- Stay on the same page. Make asset-related records available to all stakeholders and necessary personnel, and ensure that all parties agree upon the findings.
- Keep detailed records. As information related to assets is regularly collected, make sure that timestamps or confidence scores are used to demonstrate if the records may be outdated or uncertain.
- Consider confidentiality. Limit access to all assets. Consider which assets are relevant or necessary for certain employees to access and consider blocking others.
- Categorise assets accordingly. Sorting assets into various levels based on importance can help with assessing risk levels and cyber-security measures.
Poor asset management can create major weaknesses in cyber-security. For more information on this subject, click here.
Contains public sector information published by the ICO and NCSC and licensed under the Open Government Licence v3.0.
The content of this blog is of general interest and is not intended to apply to specific circumstances or jurisdiction. It does not purport to be a comprehensive analysis of all matters relevant to its subject matter. The content should not, therefore, be regarded as constituting legal advice and not be relied upon as such. In relation to any particular problem which they may have, readers are advised to seek specific advice from their own legal counsel. Further, the law may have changed since first publication and the reader is cautioned accordingly. Content by Zywave, Inc. All rights reserved. Provided by TH March.