IT Asset Management Checklist for Security Assessment


Below list of the information asset that should be acquired before performing security assessment:

DNS/NetBIOS name of the asset
This is the name of the system; typically the domain name system (DNS) name and the NetBIOS name will be the same. This is one more way to map the system to the IP address and the Media Access Control (MAC) address.

Operating system of the asset
Although obvious, this is important to the patch management process. If you don’t know what your systems are running, it is difficult if not impossible to know what vulnerabilities to monitor for, and to plan the patching stages.

Listening services on the asset
One of the oldest concepts in information security is the one of least privilege. Systems should not have services listening on them that are not being used. Documenting what is listening on each system and what is needed on each system is a critical step.

Physical location of the asset
This is the physical location and department of the asset. This is an obvious thing to document, because from time to time, IT resources may have to physically access the system.

Owner of the asset
There are two data points for this category. You should know both who the typical user of the system is, as well as whom in the organization is ultimately responsible for that asset on both an IT and a management level.

Classification of the asset
This is the classification of the asset and the data contained on that asset. As we discussed, this is an important step in the entire vulnerability management process.


Bookmark/Search this post with:
  • Delicious
  • Digg
  • StumbleUpon
  • Propeller
  • Reddit
  • Magnoliacom
  • Google
  • Yahoo
  • Technorati

Trackback URL for this post:

http://www.desktopauditing.com/trackback/169

User login

Who's new

  • toolwerx
  • Papabaz
  • onendoclame
  • RakvallWeet
  • invijah

Who's online

There are currently 0 users and 1 guest online.