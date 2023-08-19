An effective strategy of cybersecurity it must not start from technologies, but from a careful monitoring of a company’s IT assets. Indeed, the information that will come from this activity will be useful for defining the best protection strategy against cyber attacks, identifying the areas most at risk and also identifying any violations or compromises of the systems already in place. This is underlined by a recent report by S&P Global Ratingswhich focuses on the importance of the control and management of hardware, connected devices, software e rarely throughout their life cycle. The lack of this kind of activity, the report underlines, can mean an incorrect management of IT risk and could weigh on S&P’s view on the rating of organizations.

The priorities for large companies

“To be effective – reads the report – a system of cyber security he has to know what he has to protect. In large organizations this can include thousands of connected devices, such as laptops and cell phones, as well as multiple operating systems, software systems and networks. The process of registering, tracking and managing these assets is typically called IT Asset Management (Itam) and its effectiveness is critical to good cyber defense.”

Rating risks

Having robust IT Asset Management, according to S&P, is critical to an organization’s ability to proactively manage vulnerabilities, respond to incidents efficiently, and minimize the financial impact of cyberattacks. “We consider the absence of Itam as potentially indicative of poor IT risk management which, together with other factors – underlines the rating agency – could weigh on our assessment of the governance and operational risk management of an entity”.

The vision of National Institute of Standards and Technology

To underline the importance of Itam is also the Nist, National Institute of Standards and Technologyan agency of the United States Department of Commerce, which underlines how the advantages of this approach consist in a ability to respond faster to security alertsnell’increased cybersecurity resilience thanks to a greater focus on critical assets, in one better cost management and in one reduction of the attack surface thanks to improved patches and updates.

“Itam – explains S&P – can also play an important role in facilitating the definition of asset priorities. Not all IT systems are created equal, and the failure of one critical system can have a significant impact throughout the organization. A system that helps organizations track the assets that are the ‘crown jewels’ of their network makes risk assessment easier and helps prioritize security efforts.

I framework the Nist e Cis

In support of companies, Nist and the Center for Internet Security (Cis), a non-profit consultancy and benchmarking organization, have described a accurate inventory of hardware and software assets as the starting point of an effective cybersecurity and risk management program. “The frameworks provided by Nist and other organizations contribute to the framework that guides our analysis of integrating cybersecurity into overall risk management,” concludes S&P.

