...
Making and maintaining an asset register is considered a security best-practise and is a practical first step that will assist with other important requirements. A comprehensive asset registry is usually an important component to your insurance policy, accounting process or procurements and as your organisation grows in its cyber security journey, it will informs your risk assessment as well as an incident response plan.
Most business operations depend on some aspect of asset management. This includes IT operations, financial accounting, managing software licences, procurement and logistics. While they may not all need the same information, there will be some overlap and dependencies between the respective requirements. The security aspect should not be considered in isolation or as the primary consumer of asset information, so integrating and coordinating asset management across your organisation will help reduce or manage any conflicts between these functions.
Ensure all assets are accounted for by the asset management process. This should include physical, virtual and cloud resources, along with your organisation’s internet presence, in the form of social media accounts, domain name registrations, IP address spaces and digital certificates. This Comprehensive asset management helps avoid any assets not being configured with the appropriate security controls and is required for compliance and vulnerability scanning (for those certifying to Cyber Essentials Plus).
...
An asset importance rating: The relative value and impact of losing the asset can be recorded using protective marking schemes. Common systems to record this include: [high, medium, low], [public, confidential, secret], or [red, amber, green]
An asset owner: Having a named owner for each asset ensures that someone is accountable for the activities required to keep it secure. Information asset owners will set the rules around data assets, such as classification, who can access them, and retention periods
Managing legacy. knowing versions for all the software installed on your machines helps identify a much wider range of vulnerabilities than just knowing the operating system version. Where certain details may be difficult or costly to capture, consider whether these could be captured less frequently or retrospectively, alongside other mitigations such as network separation. This helps ensure that asset data can be used effectively and does not become unusable as a result of gaps in collection. All software and hardware eventually becomes out of date. Continuing to use products beyond that point involves increased risk, or increased costs to mitigate those risks. Asset management can help organisations identify when systems will reach end of support and plan ahead.
...