Organizations that do not understand the overwhelming importance of managing data and information as tangible assets will not survive the evolving digital economy. To stress this point further, The National Institute of Standards and Technology (NIST), a well respected US organization on developing technology standards and guidelines since 1901, published their view point in 2015 on IT Asset Management.
This document has set a precedent in the approach, architecture and security characteristics of IT Asset Management. However in this digital economy where Cyber threats are prevalent, it is also useful to remember the following:
- Information created and generated can take many forms including documents, application code, databases, spreadsheets, presentations, project plans, emails etc.
- These various types of information and the systems that maintain it become assets of great value to your organization so steps should be taken to understand the impact to your organization if such assets are breached, become unavailable or destroyed
- Adequate safeguards should be implemented for these assets based on some kind of information classification scheme where the protection increases as the value of the asset increases
- Define policies, standards and guidelines so that your organization knows how the different classifications of assets should be protected and implement manual and automated processes to monitor and enforce them
- Assess your internal and Internet facing systems, technology and IT operational processes for vulnerabilities on a periodic basis and remediate or minimize risks as soon as possible
- Continuously monitor your networks and systems for security incidents, be able to identify possible cyber attack vectors and then be ready to take prompt, appropriate remedial action