Cyber-Security: Understanding Asset Management

When considering optimal cyber-security practices, it’s important for organisations to have a complete understanding of what they are protecting. Having detailed information on every organisational asset is key for being able to properly assess cyber-security needs and potential cyber-risks.

An asset can be defined as anything that produces value for an organisation. This may include intellectual property and customer data. Managing these assets properly can help employers in various aspects of organisational cyber-security. For example, risk management cannot be conducted accurately if the assessment does not include certain cyber-related assets.

When approaching asset management for cyber-security purposes, organisations should consider the following steps:

  • Check assets regularly. Continuously assess and account for assets to maintain an accurate inventory and detect potentially unauthorised changes.
  • Stay on the same page. Make asset-related records available to all stakeholders and necessary personnel, and ensure that all parties agree upon the findings.
  • Keep detailed records. As information related to assets is regularly collected, make sure that timestamps or confidence scores are used to demonstrate if the records may be outdated or uncertain.
  • Consider confidentiality. Limit access to all assets. Consider which assets are relevant or necessary for certain employees to access and consider blocking others.
  • Categorise assets accordingly. Sorting assets into various levels based on importance can help with assessing risk levels and cyber-security measures.

Poor asset management can create major weaknesses in cyber-security. For more information on this subject, click here.

 

 

Contains public sector information published by the ICO and NCSC and licensed under the Open Government Licence v3.0.

The content of this blog is of general interest and is not intended to apply to specific circumstances or jurisdiction. It does not purport to be a comprehensive analysis of all matters relevant to its subject matter. The content should not, therefore, be regarded as constituting legal advice and not be relied upon as such. In relation to any particular problem which they may have, readers are advised to seek specific advice from their own legal counsel. Further, the law may have changed since first publication and the reader is cautioned accordingly. Content by Zywave, Inc. All rights reserved. Provided by TH March.

Read our other posts

How to Protect Your Charity From Cyber-attacks

How to Protect Your Charity From Cyber-attacks

Cyber-crime is a threat that must be understood and properly prepared for. Charities and not-for-profit organisations may have good intentions within their missions, but that does not mean that cyber-criminals will spare them. According to the 2021 Cyber Security Breaches Survey—commissioned by the Department for Digital, Culture, Media & Sport as part of the National […]

Chemical Safety in the Workplace

Chemical Safety in the Workplace

Chemicals are one of the most common types of hazardous substances. A variety of frequently used products contain chemicals, such as cleaning products, pesticides and paint. Many organisations use some of these substances on a regular basis. As such, it’s important for employers to take necessary precautions to protect employees, contractors and others who may […]

Risk Management Guidance for Property Owners

Risk Management Guidance for Property Owners

Owning property can be lucrative and rewarding, but it may also come with various challenges and potential risks. When a property owner lets space to tenants, additional risks related to liability can become an issue. A study by RSA Insurance looked into the leading risks and hazards that landlords face while attempting to let property. […]

Steps to Take After Experiencing a Cyber-attack

Steps to Take After Experiencing a Cyber-attack

When a cyber-attack occurs, how your organisation responds can make all the difference in mitigating the damages. In particular, time is of the essence. That’s why it’s vital for your organisation to have an effective cyber-incident response plan in place that specifically addresses key actions to implement immediately following an attack. During these initial hours, […]

Steps Leaders Can Take to Support Mental Well-being

Steps Leaders Can Take to Support Mental Well-being

Organisations may already have considered mental well-being a priority before the coronavirus pandemic, but many mental health issues have become more frequent or troublesome since. The mental well-being of workers can be greatly impacted by the behaviour of an organisation’s leaders. With that in mind, those in leadership positions should consider the following steps: Lead […]