Asset Management
What is Asset Management?
Asset ManagementThe continuous discovery, inventory, classification, and lifecycle tracking of every hardware, software, cloud, and data asset that the security program must protect.
Asset management is the foundation of every other security control: you cannot protect, patch, monitor, or respond to what you do not know exists. A modern asset inventory covers endpoints, servers, network devices, mobile, cloud workloads, SaaS tenants, identities, code repositories, and data stores, with ownership, criticality, and exposure attributes. Discovery is increasingly continuous and tool-driven through CMDB integrations, EDR data, cloud APIs, and EASM probes. Strong asset management feeds vulnerability management, configuration management, incident response, and zero-trust enforcement, and is a prerequisite for frameworks like the CIS Controls.
● Examples
- 01
A weekly reconciliation that compares CMDB records to EDR-enrolled endpoints to find unmanaged hosts.
- 02
Tagging crown-jewel databases so that they receive priority patching and stricter access controls.
● Frequently asked questions
What is Asset Management?
The continuous discovery, inventory, classification, and lifecycle tracking of every hardware, software, cloud, and data asset that the security program must protect. It belongs to the Defense & Operations category of cybersecurity.
What does Asset Management mean?
The continuous discovery, inventory, classification, and lifecycle tracking of every hardware, software, cloud, and data asset that the security program must protect.
How do you defend against Asset Management?
Defences for Asset Management typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Asset Management?
Common alternative names include: IT asset management, Cyber asset management.