ITM Tech Cybersecurity Essentials Booklet - Flipbook - Page 20
CONTROL 01
01 - Inventory and Control of Enterprise Assets
Safeguards Total: 5
IG1: 2/5
IG2: 4/5
IG3: 5/5
THE SAFEGUARDS
1.1 Establish and Maintain Detailed Enterprise Asset Inventory
1.2 Address Unauthorised Assets
1.3 Utilise an Active Discovery Tool
1.4 Use Dynamic Host Configuration Protocol (DHCP) Logging to Update Enterprise Asset Inventory
1.5 Use a Passive Asset Discovery Tool
Actively manage (inventory, track, and correct) all enterprise assets (end-user devices, including portable and mobile; network devices; non-computing/Internet of Things (IoT) devices; and servers) connected to the infrastructure physically, virtually, remotely, and those within cloud environments, to accurately know the totality of assets that need to be monitored and protected within the enterprise. This will also support identifying unauthorised and unmanaged assets to remove or remediate.
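1.1 Asset Type: Devices; Security Function: Identify
1.2 Asset Type: Devices; Security Function: Respond
1.3 Asset Type: Devices; Security Function: Detect
1.4 Asset Type: Devices; Security Function: Identify
1.5 Asset Type: Devices; Security Function: Detect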
Why Is This CIS Control Critical?
Enterprises cannot defend what they do not know they have. Managed control of all enterprise assets also plays a critical role in security monitoring, incident response, system backup, and recovery. Enterprises should know what data is critical to them, and proper asset management will help identify those enterprise assets that hold or manage this critical data, so that appropriate security controls can be applied.
External attackers are continuously scanning the internet address space of target enterprises, premise-based or in the cloud, identifying possibly unprotected assets attached to an enterprise’s network. Attackers can take advantage of new assets that are installed, yet not securely configured and patched. Internally, unidentified assets can also have weak security configurations that can make them vulnerable to web- or email-based malware; and, adversaries can leverage weak security configurations for traversing the network, once they are inside.
Did You Know?
Nearly 66% of IT Managers have an incomplete record of their IT assets. Knowing what IT Equipment you have and where is a critical function. We can help with an initial Asset Audit and ongoing Asset List Management.
Key to table columns:
1 = Asset Type
2 = Security Function
3 = Implementation Group 1
4 = Implementation Group 2
5 = Implementation Group 3