# Asset Management Asset Management * identify and classify our organization's assets * assets is adequately protected * implementing the appropriate controls * * Asset Discovery * Asset Inventory * Asset Identification * Asset Classification * Asset labeling based on sensitivity and criticality * Asset Owners * Asset Roles * Asset Retention Policies Data Classification * Information classification policy Asset Discovery Strategy: Asset Discovery: * Physical Devices * * Desktops * Servers * Laptops * Mobile devices /IPAD/kiosks * OT/IOT * Printer * Virtual devices * Cloud assets * SaaS applications * Network appliances/Devices * Application servers Discovery Methods: * PowerShell script to find Assets * * * Shell scripts * NMAP scripts * Network scanning and Continuous Monitoring with Nmap * Tenable Host Discovery and OS Discovery scans * Dark Trace * PaloAlto * MS ATP * Sentinel One * CMDB * Server and System admin list List to collect * All windows servers managed by SCCM team * All Linux Servers managed by SCCM team * All windows desktops managed by SCCM team * All Linux desktops managed by SCCM team * Board approved software applications * All Network Equipment * * Routers * Switches * WAF * Load Balancers * Wi-Fi Assess points * Network Security control applications and solutions * Domain Names * IP ranges * Virtual Instances * Data backups * Patch Management servers * Active Directory * Domain controllers * DNS servers * FTP servers * Application servers * Database servers * Network Attached Storage * DHCP Asset Classification * Asset Inventory with asset owner's information * * Asset Owners * * Public * Private * Govt * Stakeholders * Tangible Assets * Intangible Assets * Data Owners * Critical assets * Critical Data handling * Based on standards, Procedures, Baselines, Guidelines * * PCI * HIPPA * CJIS * Review asset labels * Asset marking * Asset categorization/grouping * * Operating System * Geographical condition * Under specific compliance * Business unit * Geographic Location Asset Protection * Roles * * Data owners * Data controller * Data processor * Data subject * Data steward * Data in rest * * Encryption * Access controls * Backup * Data in motion * * End to end t * Link * Onion routing * Data in use * Data Archive * Data destruction * * Destruction * Shred * drill * Data purging * * degaussing * Data clearing * * Formatting * Overwriting * Wiping Asset Management * Physical Devices * Software Platforms * Organization Asset Communication and data flow map * Critical Asset Classification * Cyber security team roles * Separation of duties \*\*\* Conduct Regular Review References: 1. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://moharat.gitbook.io/cylabs/introduction-to-cyber-security-operations/grc/information-security-and-risk-management/asset-management.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.