How to create an IT Asset Management System for your organization? Download this IT Asset Management Standard if you are working on IEC, NIST, ISO27001:2013, or other IT and Cyber Security Standards and control objectives.
Appropriate management of IT assets is a fundamental requirement of any Information Security Management System (ISMS). [Company Name] must employ robust IT asset management processes to ensure IT assets are identified, inventoried, and maintained.
In the context of this standard, an IT asset is that Company-owned or managed data link, physical device, o/s firmware, application, database, middleware (collectively known as a service) that connects to the enterprise. This document does not address information assets such as data or process documentation which should be inventoried within the appropriate management system (i.e. SharePoint, EDW), classified and handled in line with the Data Classification Standard and Handling Guidelines.
The System Owner is the individual (manager) and entity (organization e.g. [Company Name] IT communication unit, HR, Finance) that has approved management responsibility (business owner) for the support of the asset. The Business Owner is the individual (i.e. CTO / Chief Digital Officer / CFO / HoS / Directors) and entity (organization e.g. [Company Name] IT, HR, Finance) that has property rights (financial) of the asset.
- Data Link: ADSL, MPLS;
- Device: PABX, Switch, Router, Firewall, Server (physical & virtual), appliance, notebook, desktop, smartphone or tablet, printers;
- O/S: LINUX, Microsoft;
- Application: Oracle PeopleSoft Financials, Salesforce;
- Database Oracle;
- Middleware: SAS, SQL, Oracle Fusion, etc.
Project Management, Design, Implementation, Support and ISMS processes rely upon an accurate, asset inventory in order to operate effectively. These processes include, but are not limited to, the following:
- Data Link: ADSL, MPLS.
- Device: PABX, Switch, Router, Firewall, Server (physical & virtual), appliance, notebook, desktop, smart phone or tablet, printers.
- O/S: LINUX, Microsoft.
- Application: Oracle PeopleSoft Financials, Salesforce.
- Database Oracle.
- Middleware: SAS, SQL, Oracle Fusion.
The purpose of this standard is to set out the rules for securing the companies' data during transmission and storage. This document provides best practice recommendations on information security management for use by those responsible for initiating, implementing or maintaining information security management systems (ISMS).
Nowadays, with the digitalization of our society, the need for data protection became more important. The latest IT Security Standards involve the application of technology to broader social and institutional contexts, and thereby contributes to the servitization of companies, and affects how they compete and interact. This document contains security technology solutions to protect data classified as “Highly Sensitive”, “Sensitive”, “Private” or “Public” as per the Data Classification Standard and Data Handling Guidelines. Specifically:
- Cryptography – Encryption and hashing solutions for protecting sensitive data when in transit or storage, and
- Data Masking – Data masking is a technology for obscuring sensitive information in non-production environments. Through data masking [Company Name] protects the content of sensitive data in non-production environments to ensure that:
- Application developers, testers, privileged users and outsourcing vendors do not have unauthorized access to such information.
- The data maintains the referential integrity of the original production data.
Download this IT Asset Management Cybersecurity Standard now. Besides this document, make sure to have a look at the IT Security Roadmap
for proper implementation and this fit-for-purpose IT Security Kit
here with over 40 useful templates. The document(s) are easy to modify and can be downloaded directly after purchase.