What best practices for asset management should organizations use to minimize audit risks?
Sort By:
Oldest
Director of IT in Banking14 days ago
Start with basics by implementing a Configuration Management Database (CMDB). But it doesn't have to be a sophisticated system; you could do something as simple as making a list on paper to get started. The key is to list all the assets and identify those that are essential to the organization.Next, it is critical to know the latest installation or patch levels of these assets. You can do this by cross-referencing with websites like VirusTotal, which provide information on whether certain components are affected by vulnerabilities and how to address them, usually through patches.
To manage all this information effectively, it's best to use tools like SQL Server or Excel for quick sorting and analysis of the data, making it easier to stay on top of asset management and minimize audit risks.
1. Only enumerate and inventory your assets at application level.
2. Capture application criticality (Critical vs Important) via business owner and map it to a business process.
3. Demarcate all security controls deployment into two categories. Those that are applicable to be deployed for 'Important' application and those extras, that gets deployed for 'Critical' applications.
By following above 3 steps, you will reduce audit risks and findings by NOT wasting your efforts and budgets over securing 80% of the applications which are seldom classified as business 'critical' but you need to be very clear about definitions of what's important and critical for the business.