Whatever the size of your business or the sector you operate in, if you work digitally you face the threat of cyber-attacks. As technology constantly evolves, cyber security and good cyber practices are crucial for every business that works and stores information online.
It is therefore important to know not only how to protect your business, but also what you are protecting.
Asset management is an essential process for organisations to protect their informational property against cyber threats or attacks. It is included as one of the themes of IASME’s Cyber Assurance Standard, which provides a structured way for organisations to achieve cyber resilience flexibly and affordably.
Are you aware of all the assets your business owns? Do you have detailed documentation of where information is being stored and who it is accessed by?
Too many businesses misjudge the number of assets that could be at risk and do not have the systems in place to monitor them correctly. Both physical and informational assets need to be documented so that you know what you have and can therefore check whether it is securely protected.
Your asset management process and awareness should show that you understand what your key assets are and how they connect within the business, so you know which risks have the most potential impact. It needs to consider all dependencies between assets – including elements of the supply chain, staff, externally developed systems and processes – as well as anything not entirely under your organisation’s control.
Asset Registers
An asset register keeps track of all assets across your business’ people, processes and policies. It is important to note this does not just involve informational assets, but physical as well, such as end user devices, servers, mobile phones and media devices.
Informational assets include any data which has value or impact to the business, stakeholders, supply chain and other third parties. Information storage and processing systems – including any intellectual property – need to be recorded. Every asset on the register should be assigned to a specific owner and include details of its category, location, all location changes and value. The register may also include details of company property, databases and staff access.
It is important to log where information is stored, so that you can understand what may be at most risk. If an employee loses their company laptop, are details of the model and serial number documented so its loss can be reported? Can permissions be revoked to prevent misuse or unauthorised access? Do you know which types of information were accessible on the device, and are preventative measures in place to ensure these are not compromised?
An asset register can be as small or as large as your business requires, depending on its size and complexity, and should be monitored and revisited regularly to ensure it is up to date. This includes updating it after events such as device loss, equipment replacement or revised documentation and processes. By ensuring you have an updated register and a robust disposal process in place, you keep control over all your assets, which makes spotting vulnerabilities or risks easier and more efficient.
