Implementing Effective IT Asset Management

Effective IT asset management (ITAM) is vital for maintaining a streamlined, secure, and efficient IT infrastructure. This detailed guide is structured around the three primary components of ITAM: static inventory, dynamic tracking, and regular reconciliation. Each component is pivotal for the comprehensive management of IT assets. We delve deeper into each component, offering insights and strategies for IT professionals.

1. Crafting a Comprehensive IT Asset Management Policy

The IT asset management policy is the cornerstone of your ITAM strategy. It is the blueprint that dictates how IT assets are acquired, deployed, maintained, and retired. This policy should address all facets of asset management, including procurement processes, usage guidelines, security protocols, and disposal procedures.

Key Elements to Include:

– Asset Lifecycle Management: Detailed processes for each phase of an asset’s life, from procurement to disposal.

– Roles and Responsibilities: Clearly define who manages, uses, and maintains various IT assets.

– Security and Compliance: Guidelines for ensuring that asset management practices adhere to relevant security standards and regulatory requirements.

2. Understanding the Core IT Assets: Incorporating Static Inventory

A static inventory is a detailed catalog of all IT assets within an organization. This foundational inventory is a snapshot of the organization’s IT resources, detailing each asset’s specifications, locations, and status.

Developing a Static Inventory:

– Asset Identification: Identify all IT assets, including hardware (workstations, servers, network devices) and software (licenses, applications).

– Documentation: Document critical information about each asset, such as the purchase date, warranty details, configuration settings, and associated users or departments.

– Centralized Database: Store this information in a centralized database that authorized personnel can easily access and update.

3. Dynamic Tracking: The Pulse of IT Asset Management

Whereas static inventory provides a snapshot, dynamic tracking involves continuously monitoring and updating the status of IT assets. This ensures that the inventory reflects real-time usage, condition, and location of assets.

Implementing Dynamic Tracking:

– Automated Tools: Utilize ITAM software to automate the tracking of hardware and software changes, usage patterns, and performance metrics.

– Regular Updates: Establish protocols for updating the asset database following any changes, such as asset reassignments, upgrades, or decommissioning.

– Incident Management: Integrate dynamic tracking with incident management systems to quickly address and document any issues or changes affecting IT assets.

4. Regular Reconciliation: Ensuring Accuracy and Efficiency

Regular reconciliation compares static inventory with dynamic tracking data to identify discrepancies. This ensures the accuracy of the asset database and helps make informed decisions.

Steps for Effective Reconciliation:

– Scheduled Reviews: Conduct audits of the IT asset database to verify the accuracy of recorded information against actual asset conditions and locations.

– Discrepancy Resolution: Develop a process for investigating and resolving any discrepancies found during audits, such as unrecorded assets or inaccuracies in asset details.

– Continuous Improvement: Use reconciliation findings to refine ITAM processes and policies, enhancing the overall effectiveness of asset management.
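
The comparison described in this section can be sketched as follows. This is an added example, not part of the original guide; the CSV column names, the sample records, and the finding labels are all constructed for illustration.

```python
import csv
import io

# Constructed sample: the static inventory (system of record).
STATIC_CSV = """serial,hostname,owner,location,status
SN1001,ws-fin-01,alice,HQ-3F,in_use
SN1002,ws-fin-02,bob,HQ-3F,in_use
SN1003,srv-db-01,it-ops,DC-1,in_use
SN1004,ws-hr-07,carol,HQ-2F,retired
"""
# Constructed sample: what dynamic tracking (agent or network scan) last reported.
DISCOVERED_CSV = """serial,hostname,location
sn1001,ws-fin-01,HQ-3F
SN1002 ,ws-fin-02,HQ-5F
SN1004,ws-hr-07,HQ-2F
SN9999,unknown-laptop,HQ-3F
"""

def load(text):
    """Index rows by normalized serial so case/whitespace drift is not a false finding."""
    rows = {}
    for row in csv.DictReader(io.StringIO(text)):
        clean = {key: value.strip() for key, value in row.items()}
        rows[clean["serial"].upper()] = clean
    return rows

def reconcile(static, discovered, compare=("hostname", "location")):
    """Return (serial, kind, detail) findings for the discrepancy-resolution queue."""
    findings = []
    for serial in sorted(discovered.keys() - static.keys()):
        findings.append((serial, "unrecorded", "seen by tracking, absent from inventory"))
    for serial in sorted(static.keys() - discovered.keys()):
        if static[serial]["status"] != "retired":  # retired assets are expected to vanish
            findings.append((serial, "missing", "in inventory, not seen by tracking"))
    for serial in sorted(static.keys() & discovered.keys()):
        record, seen = static[serial], discovered[serial]
        if record["status"] == "retired":
            findings.append((serial, "retired_active", "marked retired but still reporting"))
        for field in compare:
            if record[field] != seen[field]:
                findings.append((serial, "mismatch", f"{field}: {record[field]} -> {seen[field]}"))
    return findings

if __name__ == "__main__":
    for finding in reconcile(load(STATIC_CSV), load(DISCOVERED_CSV)):
        print(*finding, sep="\t")
```

From a security standpoint the "unrecorded" and "retired_active" findings deserve the fastest follow-up, since both describe devices operating outside the controls the policy assumes.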

5. Hardware Retirement

Hardware retirement is a critical IT asset management process focused on the secure, efficient, and environmentally responsible decommissioning of outdated or no longer needed IT hardware. This process ensures that all such assets are disposed of in a way that protects sensitive data, complies with regulatory requirements, and minimizes environmental impact.

Managing End-of-Life Assets:

– Establish clear procedures for the retirement of hardware assets; they are essential for maintaining security and compliance.

– Establish regular retirement cycles.

– Secure certificates of destruction for data-bearing devices and ensure environmentally responsible disposal.

6. Data Security Measures

Data security measures are essential protocols and practices implemented to protect sensitive information from unauthorized access, breaches, data loss, and cyber threats. These measures safeguard data’s confidentiality, integrity, and availability across its lifecycle, from creation and storage to transmission and destruction. Adequate data security is multifaceted and includes technological solutions, policies, and procedures to protect digital and non-digital information.

Securing Data:

– Data Sanitization: Implement strict policies to ensure that all sensitive information is securely removed from assets before disposal.

– Certification and Documentation: Obtain and maintain documentation, such as certificates of destruction, to prove compliance with data security regulations.

For IT professionals, mastering the art of IT asset management requires a balanced approach that includes developing a robust ITAM policy, maintaining an accurate static inventory, implementing dynamic tracking for real-time updates, regularly reconciling data to ensure accuracy, and securely managing the retirement of outdated assets. By focusing on these critical components, IT departments can ensure their organizations’ IT assets are handled efficiently, securely, and aligned with business goals.

Spam Email – Stop it before your users click on it

It doesn’t matter if you’ve trained them or yelled at them or had to fix their infected computers in front of them (or all of the above)... they’re still going to open that suspicious email, aren’t they?
Because who can resist the attachment that promises funny cat pictures, and who doesn’t have a slight panic attack when faced with a fraud alert from their bank?
Protecting your corporate network from malicious email is a never-ending battle, and there’s no simple, one-size-fixes-all method to do so, either. There are three modes of defense that are remarkably effective, though we’ve recently realized that most small to mid-size companies are only using one or two of them.

  1. The first and most effective defense is simply user training. Every company, no matter the size, should inform and educate users as to the dangers of fraudulent emails. Provide examples, show warnings, and do it on a regular basis. Don’t numb them to the dangers but find a balance between over-lecturing and educating your users.
  2. The second most effective defense is desktop antivirus and anti-malware software. These programs won’t stop a zero-day exposure but they’ll prevent about 98% of anything that makes it as far as the desktop. They won’t prevent someone from entering their banking credentials on a fake website but they do a moderately decent job of preventing older malware from infecting your network.
  3. The third defense, and the one you may not be using, is a block list on your mail server. These block lists do exist and contain real-time updated lists of spam websites and domains. The most popular of these is the Spamhaus Project. In their own words: “The Spamhaus Block List (“SBL”) Advisory is a database of IP addresses from which Spamhaus does not recommend the acceptance of electronic mail. The SBL is queriable in realtime by mail systems throughout the Internet, allowing mail server administrators to identify, tag or block incoming connections from IP addresses which Spamhaus deems to be involved in the sending, hosting or origination of Unsolicited Bulk Email (aka “Spam”). The SBL database is maintained by a dedicated team of investigators and forensics specialists located in 10 countries, working 24 hours a day to list new confirmed spam issues and – just as importantly – to delist resolved issues.”

Simply put, by taking advantage of the Spamhaus DNS block lists, you can set most modern mail servers to prevent many of those fraudulent emails from ever reaching your users. There are some limits on free usage of their offering but larger, heavier users can still pay for the service.
You can find more information about Spamhaus at the following URL: https://www.spamhaus.org/
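
How a mail server consults a DNS block list, as an added example that is not from the original post or from Spamhaus. It assumes the combined `zen.spamhaus.org` zone and Spamhaus's published convention that `127.0.0.x` answers are listings while `127.255.255.x` answers are errors (for example, queries refused under the free-usage limits); the verdict and action names and the sample DNS answers are constructed.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"                             # assumption: Spamhaus combined zone
LISTING_NET = ipaddress.ip_network("127.0.0.0/24")    # real listings, e.g. 127.0.0.2 = SBL
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # query refused or malformed

def query_name(ip, zone=ZONE):
    """DNSBL lookup name (RFC 5782): reversed octets/nibbles of the client IP + zone."""
    reversed_ip = ipaddress.ip_address(ip).reverse_pointer.rsplit(".", 2)[0]
    return f"{reversed_ip}.{zone}"

def system_resolver(name):
    """A records for name via the OS resolver; [] only when the name does not exist."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise  # a timeout or server failure must not be read as "not listed"

def classify(answers):
    """Map the A records returned by the block list to clean / listed / error."""
    if not answers:
        return "clean"
    addrs = [ipaddress.ip_address(a) for a in answers]
    if any(a in ERROR_NET for a in addrs):
        return "error"   # treating this as a listing would reject all inbound mail
    if all(a in LISTING_NET for a in addrs):
        return "listed"
    return "error"       # unexpected answer, e.g. a resolver rewriting NXDOMAIN

ACTIONS = {"listed": "reject", "clean": "accept", "error": "accept-and-alert"}

def check(ip, resolver=system_resolver):
    verdict = classify(resolver(query_name(ip)))
    return verdict, ACTIONS[verdict]

# Constructed answers standing in for DNS so the example runs offline.
FAKE_DNS = {
    "99.2.0.192.zen.spamhaus.org": ["127.0.0.2"],
    "5.113.0.203.zen.spamhaus.org": ["127.255.255.254"],
}

def fake_resolver(name):
    return FAKE_DNS.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.99", "198.51.100.7", "203.0.113.5"):
        print(ip, *check(ip, fake_resolver))
```

The "error" branch is the one to monitor: if the server's resolver is refused by the block list, every lookup returns an error code, and a configuration that blocks on any answer will silently reject legitimate mail.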