Asset Management

  • Identify and classify our organization's assets

  • Ensure assets are adequately protected

  • Implement the appropriate controls

    • Asset Discovery

    • Asset Inventory

    • Asset Identification

    • Asset Classification

    • Asset labeling based on sensitivity and criticality

    • Asset Owners

    • Asset Roles

    • Asset Retention Policies

Data Classification

  • Information classification policy

Asset Discovery Strategy:

Asset Discovery:

  • Physical Devices

    • Desktops

    • Servers

    • Laptops

    • Mobile devices / iPads / kiosks

    • OT/IoT

    • Printers

  • Virtual devices

  • Cloud assets

  • SaaS applications

  • Network appliances/Devices

  • Application servers

Discovery Methods:

List to collect

  • All Windows servers managed by SCCM team

  • All Linux servers managed by SCCM team

  • All Windows desktops managed by SCCM team

  • All Linux desktops managed by SCCM team

  • Board approved software applications

  • All Network Equipment

    • Routers

    • Switches

    • WAF

    • Load Balancers

    • Wi-Fi access points

    • Network Security control applications and solutions

  • Domain Names

  • IP ranges

  • Virtual Instances

  • Data backups

  • Patch Management servers

  • Active Directory

  • Domain controllers

  • DNS servers

  • FTP servers

  • Application servers

  • Database servers

  • Network Attached Storage

  • DHCP

Asset Classification

  • Asset Inventory with asset owner's information

    • Asset Owners

      • Public

      • Private

      • Govt

    • Stakeholders

    • Tangible Assets

    • Intangible Assets

    • Data Owners

  • Critical assets

  • Critical Data handling

  • Based on standards, Procedures, Baselines, Guidelines

    • PCI

    • HIPAA

    • CJIS

  • Review asset labels

  • Asset marking

  • Asset categorization/grouping

    • Operating System

    • Geographical condition

    • Under specific compliance

    • Business unit

    • Geographic Location

Asset Protection

  • Roles

    • Data owners

    • Data controller

    • Data processor

    • Data subject

    • Data steward

  • Data at rest

    • Encryption

    • Access controls

    • Backup

  • Data in motion

    • End to end t

    • Link

    • Onion routing

  • Data in use

  • Data Archive

  • Data destruction

    • Destruction

    • Shred

    • Drill

  • Data purging

    • Degaussing

  • Data clearing

    • Formatting

    • Overwriting

    • Wiping

Asset Management

  • Physical Devices

  • Software Platforms

  • Organization Asset Communication and data flow map

  • Critical Asset Classification

  • Cyber security team roles

  • Separation of duties

*** Conduct Regular Review
