There is a lot to know about asset management because it has become more of a necessity for businesses across all verticals.
Let's first understand - what is an asset ??
Anything that has value to the organization is known as asset.
Now the question arise who should be the asset owner?
Asset owner can normally be a person who operates the asset and make sure that information related to this asset is protected.
why are assets important for information security management??
There are 2 reasons responsible for this :-
- Risk assessment
- Responsibility assignment
In risk assessment, we identify risk, threat and vulnerabilities whereas, in responsibility assignment we define asset owners.
Therefore, asset management is a set of business process design to manage lifecycle of assets.
If we talk about the benefits then
- It lowers IT costs,
- Reduces IT risk and
- Improves productivity
Asset management clauses are
8.1 (Responsibility for assets)
8.2 (Information classification)
8.3 (Media handling)
The purpose of the IT Asset Management Policy is to maintain accurate records of the organization physical
computer assets. This document establishes procedures to ensure that organization comply with government
regulations, legal industry standards and to ensure accurate reporting of physical assets.
Since ISO 27001 focuses on the preservation of confidentiality, integrity and availability of information, this means that assets can be:
Hardware – e.g. laptops, servers, printers, but also mobile phones or USB memory sticks.
Software – not only the purchased software but also freeware.
Information – not only in electronic media (databases, files in PDF, Word, Excel, and other formats) but also in paper and other forms.
Infrastructure – e.g. offices, electricity, air conditioning – because those assets can cause lack of availability of information.
An asset management policy guides how we purchase and maintain e-equipment and other assets. This ensures that purchases are made wisely, making the best use of our available resources and that we protect these investments by ensuring and maintaining them in good working order.