Guide for an asset inventory management in industrial control systems
Can we protect what we don’t know?
What should our first step be to protect our assets?
These matters are not usually raised, though organisations are increasingly aware of them and are increasingly implementing security measures to raise the cybersecurity level in their devices and networks, which entails a recurring problem: ignorance of the total number of assets they hold and their respective scopes.
This ignorance makes it difficult to deploy security measures that cover each and every one of the organisation’s elements, so it is useful to specify what we want to protect, where it is located and its scope, as well as any other additional information of interest that may be useful, since the more information you have, the more accurate the decision-making process will be and the more effective the protection plans will be for them in particular and for the organisation in general.
It is a good idea to draw up an asset inventory as the first measure in the execution of a cybersecurity management plan. There are numerous tools to help with that, both open source and commercial, besides various types of inventories and implementations.
Regardless of the options chosen, a few steps must be followed when preparing it to make the task easier; they range from defining the scope to reviewing and maintaining it.
An asset inventory is also useful in industrial control systems, since it offers comprehensive information about all the elements involved in the process, which contributes to: managing their vulnerabilities, responding to incidents more efficiently and in a more structured fashion, and identifying operational failures, as well as the cost reduction that comes with all this.
This guide seeks to provide the basic knowledge that will serve as a starting point for conducting an asset inventory. In it you will find:
- An introduction to asset inventory as a way to solve the problem of organisations’ ignorance of their own assets.
- Advantages of inventorying assets, as well as the types that exist and the different possible implementations, manual, automatic and mixed.
- Managing assets by classifying them according to their nature and the information it will be useful to gather about each of them.
- Review of the various tools available to carry out this task, both open source and proprietary.
- Steps needed to create an asset inventory from scratch, since the great number of devices requires order and guidelines to reduce possible difficulties.
- Inventory maintenance. Once it has been done, it is important to set a schedule for updating it, since an out-of-date inventory does not reflect reality and, therefore, loses its usefulness.
- Conclusions highlighting the usefulness of asset inventory in industrial control systems.
The full guide can be downloaded through the following link:
