Asset Management

What is asset management for information systems?

Asset Management is a formal methodology used when analysing all the information assets within your organisation, and establishing how these will be managed for information security.

A simple method for managing assets for information security could be:

1. Register - Create a list of information assets - in other words, create an asset register. This takes time and requires the discovery of all information assets.
2. Responsibility - Determine the responsibility for each asset.
3. Classification - Classify the assets on the list so that the level of protection and control is proportional to the importance of that asset to your business.

Why is asset management important?

Asset management is important in order to ensure your organisation is complying with best practice and regulations around how your their assets are managed.

An example of this is the requirement of financial assets to be documented in the correct way as stated by accounting standards.

Asset management is also about creating the highest amount of returns for your organisation and minimizing risk, which can be done by having your assets captured effectively. This is because your organisation will not make unnecessary purchases of assets they may already have, but have forgotten about as they have not been added to the asset register. 

The thing is, by definition assets are a resource with economic value that a business or organisation owns, with the expectation that it will provide a future benefit.  An asset can be thought of as something that, in the future, can generate cash flow, reduce expenses or improve sales, regardless of whether it's manufacturing equipment, a building, a truck or a patent.  Assets are reported on a company's balance sheet and are bought or created to increase a firm's value or benefit the firm's operations.  When you look at it like this, it is amazing that businesses can have such valuable resources on hand and be so blasé about managing them.

Learn More:

• ISO 27001 Information Security Management Standard - Clause A8 Asset Management
• What are the information security principles?
• What is physical and environmental security?
• What is access control?
• What is cryptography for information security?