πŸ›‘οΈ The ABCs of Cybersecurity Audit: Focusing on Asset Management - The Definitive Edition πŸ› οΈ

Hello Cyber Warriors! 👋 Today, we're taking a comprehensive look at Asset Management within cybersecurity audits, enriched with references to industry standards and frameworks. Buckle up, because we're about to get technical! 🎯
---
📋 ID.AM-1: Physical Device Inventory 🖥️
- Function: IDENTIFY
- Category: Asset Management
- Audit: Physical devices and systems within the organisation are inventoried.
- Guidance: The data, personnel, devices, systems, and facilities that enable the organisation to achieve business purposes are identified and managed consistently.

ID.AM-1 Checklist:
1. 🧾 Create a device registry
- Example: Use a centralised asset management system to record all servers, laptops, and mobile devices.
2. 🕵️‍♀️ Use network scanning tools
- Example: Employ tools like Nmap to scan for devices connected to your network.
3. 🔄 Regularly update the inventory
- Example: Automate alerts to review the inventory every quarter.
4. 🎫 Label all devices
- Example: Use QR codes to label devices for quick scanning and identification.
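
As an added illustration of checklist steps 1 to 3 (not part of the original post), the sketch below reconciles Nmap XML output (`nmap -sn -oX`) against a device registry export. The registry column names and all sample data are constructed assumptions.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sn -oX -` output (not from a real network).
NMAP_XML = """<nmaprun>
<host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/>
<address addr="AA:BB:CC:00:00:01" addrtype="mac"/></host>
<host><status state="up"/><address addr="10.0.0.9" addrtype="ipv4"/>
<address addr="AA:BB:CC:00:00:99" addrtype="mac"/></host>
<host><status state="up"/><address addr="10.0.1.20" addrtype="ipv4"/></host>
<host><status state="down"/><address addr="10.0.0.7" addrtype="ipv4"/></host>
</nmaprun>"""

# Constructed device registry export; the column names are assumptions.
REGISTRY_CSV = """asset_tag,mac,owner
LT-0001,aa-bb-cc-00-00-01,finance
SRV-0002,AA:BB:CC:00:00:02,platform
"""

def norm_mac(mac):
    """Canonical form so 'aa-bb-..' and 'AA:BB:..' compare equal."""
    return mac.replace("-", "").replace(":", "").replace(".", "").lower()

def live_hosts(xml_text):
    """Yield (ip, mac-or-None) for every host Nmap reported as up."""
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addrs = {a.get("addrtype"): a.get("addr") for a in host.iter("address")}
        mac = addrs.get("mac")
        yield addrs.get("ipv4") or addrs.get("ipv6"), norm_mac(mac) if mac else None

def reconcile(xml_text, registry_csv):
    """Compare live hosts with the registry and return the three gap lists."""
    registry = {norm_mac(r["mac"]): r["asset_tag"]
                for r in csv.DictReader(io.StringIO(registry_csv))}
    seen, unregistered, no_mac = set(), [], []
    for ip, mac in live_hosts(xml_text):
        if mac is None:        # routed segment: Nmap cannot see the MAC
            no_mac.append(ip)
        elif mac in registry:
            seen.add(mac)
        else:
            unregistered.append(ip)
    not_seen = sorted(tag for mac, tag in registry.items() if mac not in seen)
    return {"unregistered": unregistered, "no_mac": no_mac, "not_seen": not_seen}

if __name__ == "__main__":
    print(reconcile(NMAP_XML, REGISTRY_CSV))
```

Hosts in `no_mac` were scanned across a router and need another identifier (hostname, agent ID) before they can be matched; `not_seen` entries are candidates for the quarterly review rather than automatic removal.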

πŸ“ ID.AM-2: Software Inventory πŸ“¦
- Function: IDENTIFY
- Category: Asset Management
- Audit: Software platforms and applications within the organisation are inventoried.
- Guidance: The data, personnel, devices, systems, and facilities that enable the organisation to achieve business purposes are identified and managed consistently.

ID.AM-2 Checklist:
1. 📜 Create a software registry
2. 🛡️ List all security certificates
3. ⏲️ Track expiration dates
4. 🛠️ Update or remove outdated software
- Example: Use vulnerability scanners to identify software that needs updating or removal.

🌐 ID.AM-3: Data Flow Mapping 🗺️
- Function: IDENTIFY
- Category: Asset Management
- Audit: Organisational communication and data flows are mapped.
- Guidance: The data, personnel, devices, systems, and facilities that enable the organisation to achieve business purposes are identified and managed consistently.

ID.AM-3 Checklist:
1. 📈 Identify data entry and exit points
- Example: Pinpoint where customer data enters via the CRM and exits via email reports.
2. 🚦 List all data transformation processes
- Example: Document how raw sales data is transformed into actionable insights.
3. 🔄 Regularly review and update the map
- Example: Audit the data flow map after any significant infrastructure changes.
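
As an added illustration of this checklist (not part of the original post), the sketch below stores a data flow map as a list of edges, derives the entry and exit points, and traces where a data class leaves the organisation together with the transformations applied on the way. The system names, data classes and the `EXTERNAL` set are constructed assumptions modelled on the CRM and email report example.

```python
from collections import defaultdict

# Constructed data-flow map: (source, destination, data class, transformation).
FLOWS = [
    ("web_form", "crm", "customer_pii", "validation"),
    ("crm", "warehouse", "customer_pii", "nightly ETL"),
    ("pos", "warehouse", "raw_sales", "nightly ETL"),
    ("warehouse", "bi_reports", "raw_sales", "aggregation"),
    ("warehouse", "email_reports", "customer_pii", "export to CSV"),
]
EXTERNAL = {"web_form", "email_reports"}  # assumed to sit outside the boundary

def entry_exit_points(flows):
    """Entry points only send data; exit points only receive it."""
    sources = {f[0] for f in flows}
    dests = {f[1] for f in flows}
    return sorted(sources - dests), sorted(dests - sources)

def trace(flows, data_class, start):
    """All paths a data class can take from `start` to a terminal node."""
    graph = defaultdict(list)
    for src, dst, cls, _ in flows:
        if cls == data_class:
            graph[src].append(dst)
    paths, stack = [], [[start]]
    while stack:
        path = stack.pop()
        nxt = [n for n in graph[path[-1]] if n not in path]  # skip cycles
        if not nxt:
            paths.append(path)
        stack.extend(path + [n] for n in nxt)
    return paths

def transformations(flows, path, data_class):
    """Transformation applied on each hop of a path, in order."""
    steps = {(s, d): t for s, d, c, t in flows if c == data_class}
    return [steps[hop] for hop in zip(path, path[1:])]

def external_exits(flows, data_class):
    """Paths on which the data class ends up in an external system."""
    entries, _ = entry_exit_points(flows)
    return [p for e in entries for p in trace(flows, data_class, e)
            if len(p) > 1 and p[-1] in EXTERNAL]

if __name__ == "__main__":
    for p in external_exits(FLOWS, "customer_pii"):
        print(" -> ".join(p), transformations(FLOWS, p, "customer_pii"))
```

Re-running the trace after an infrastructure change and comparing the result with the previous run gives a concrete artefact for the review in step 3.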

🌍 ID.AM-4: External Systems Catalogue 📚
- Function: IDENTIFY
- Category: Asset Management
- Audit: External information systems are catalogued.
- Guidance: The data, personnel, devices, systems, and facilities that enable the organisation to achieve business purposes are identified and managed consistently.

ID.AM-4 Checklist:
1. 📝 List all third-party systems
- Example: Catalogue all SaaS tools like Salesforce, AWS, and Slack.
2. 🛡️ Verify their security posture
- Example: Check if the vendors are GDPR-compliant or hold relevant security certifications.
3. 🤝 Establish security SLAs (Service Level Agreements)
- Example: Negotiate SLAs that require vendors to notify you within 24 hours of a security incident.

🎯 ID.AM-5: Resource Prioritisation ⚖️
- Function: IDENTIFY
- Category: Asset Management
- Audit: Resources are prioritised based on their classification, criticality, and business value.
- Guidance: The data, personnel, devices, systems, and facilities that enable the organisation to achieve business purposes are identified and managed consistently.

ID.AM-5 Checklist:
1. 🏷️ Classify all resources
2. 📊 Perform a risk assessment
- Example: Use the FAIR framework to assess the financial impact of losing specific assets.
3. 👑 Prioritise critical assets

🎭 ID.AM-6: Cybersecurity Roles and Responsibilities 🤝
- Function: IDENTIFY
- Category: Asset Management
- Audit: Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders are established.



BY IT Audit and Governance

