Versions Compared

Version Old Version 7 New Version 8
Changes made by

Jane Waterfall

Jane Waterfall

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The NCSC has comprehensive guidance for organisations on asset management

 

What is an asset?


An asset is a resource or an item of property that is owned or controlled by a company and adds value. Business assets can include information (data), hardware and software. They can also include vehicles, people and infrastructure (offices, electricity, air conditioning).  

...

Once an organisation has identified its assets, they can then be factored and controlled when identifying risks, threats and vulnerabilities.

What is an asset register?


An asset register is essentially a document or series of documents that list and describe everything that has value to your company. It also nominates someone to be responsible for protecting the confidentiality, integrity and availability of each item. Despite being  time consuming, the activity of making an asset inventory serves as a crucial foundation for implementing cyber security controls. How can you protect something that you don't know about?

...

Documenting all your assets is the first step towards reviewing and understanding the relative value of your information assets to your business and the impact if they were lost, stolen, or damaged. Once you have identified which assets are most important (valuable) to your business, you can apply adequate protection and the appropriate security budget to them throughout their life cycle.

Label your stuff

An asset register should contain some key fields to make the tracking and identification of assets easier. Consider developing a system of unique IDs for each item in the inventory which can save confusion about overlapping technologies or identical multiple items. Asset tags can allow you to label physical devices.

...

  • A category name that groups similar asset types

  • Details of location: (Be aware of any assets that are moved around)

Know where it is

Are your assets on a local computer, cloud storage, on social media, a member of staff's computer, a USB stick, a database, or in a filing cabinet? Are they located at home, the main office, or in a storage unit?
If the asset is fixed, record the location.

  • Mobile assets: If the asset is mobile, record who uses it on a day-to-day basis and where it is typically used; mobile assets may be governed more by ownership than location. It may also be possible to track portable assets through the use of mobile device management (MDM) software.

  • An asset importance rating: The relative value and impact of losing the asset can be recorded using protective marking schemes. Common systems to record this include: (high, medium, low), (public, confidential, secret), or (red, amber, green).

  • An asset owner: Having a named owner for each asset ensures that someone is accountable for the activities required to keep it secure. Information asset owners will set the rules around data assets, such as classification, who can access them, and retention period.

Managing legacy

All software and hardware eventually becomes out of date. Continuing to use products beyond that point involves increased risk, or increased costs to mitigate those risks. Asset management can help organisations identify when systems will reach end of support and plan ahead.

The use of Bring your Own Devices ( BYOD)


If your organisation allows staff to use personal devices such as mobile phones for business purposes, those devices will need to be approved and tracked, but as they are not owned by the organisation, they will not be included in the asset register.

Removal of assets


Assets removed from your business estate must be removed from the asset register and disposed of securely.

Review your asset registry


Once you have created your asset register, you need to ensure that you regularly review it and ensure that information is kept up to date. When you buy new equipment, be sure to log it in the asset register, and when you move something or discard it, update your list. Your asset list is only as valuable as the care and detail you put into accounting and documenting each asset. It is worth being meticulous as an asset register gives you the visibility and awareness for many of your other practises and requirements.

...