ITM Tech Cybersecurity Essentials Booklet - Flipbook - Page 21
2.1
Establish and Maintain a
Software Inventory
Safeguards Total
Applications Identify
2.2
Ensure Authorised Software is
Currently Supported
Applications Identify
2.3
Address Unauthorised
Software
Applications Respond
2.4 Utilise Automated Software
Inventory Tools
Applications
2.5
2.6
Protect
Allowlist Authorised Scripts
Applications
7
IG1
3/7
Protect
2
3
4
5
Asset Type Security Function
1= Asset Type
2= Security Function
3= Implentation Group 1
6/7
IG3
7/7
Actively manage (inventory, track, and correct) all software (operating
systems and applications) on the network so that only authorised software
is installed and can execute, and that unauthorised and unmanaged
software is found and prevented from installation or execution.
Why Is This CIS Control Critical?
A complete software inventory is a
critical foundation for preventing attacks.
Attackers continuously scan target
enterprises looking for vulnerable versions
of software that can be remotely exploited.
For example, if a user opens a malicious
website or attachment with a vulnerable
browser, an attacker can often install
backdoor programs and bots that give the
attacker long-term control of the system.
Attackers can also use this access to move
laterally through the network. One of
the key defenses against these attacks is
updating and patching software. However,
without a complete inventory of software
assets, an enterprise cannot determine if
they have vulnerable software, or if there
are potential licensing violations.
Even if a patch is not yet available, a
complete software inventory list allows an
enterprise to guard against known attacks
until the patch is released.
1
IG2
Protect
Allowlist Authorised Libraries
Applications
2.7
Detect
Allowlist Authorised Software
Applications
02 - Inventory and Control of
Software Assets
4= Implentation Group 2
5= Implentation Group 3
Did You Know?
Some sophisticated attackers use “zeroday exploits,” which take advantage of
previously unknown vulnerabilities that
have yet to have a patch released from
the software vendor. Depending on the
severity of the exploit, an enterprise can
implement temporary mitigation measures
to guard against attacks until the patch is
released.
Management of software assets is
also important to identify unnecessary
security risks. An enterprise should review
its software inventory to identify any
enterprise assets running software that
is not needed for business purposes. For
example, an enterprise asset may come
installed with default software that creates
a potential security risk and provides no
benefit to the enterprise. It is critical to
inventory, understand, assess, and manage
all software connected to an enterprise’s
infrastructure.
CONTROL 02
THE SAFEGUARDS
21
56% verify asset location only once a year, while 10-15% verify only every five years. Regular
asset & inventory maintenance is crucial to keeping accurate records. We can help you with
your Software Inventory and Control Management.
