If you’re not familiar with cybersecurity asset management, it may sound to you like it’s awfully similar to IT operations management (ITOM).
While cybersecurity asset management does tie into many objectives of an ITOM program, there are some key differences, too.
WHAT IS IT OPERATIONS MANAGEMENT?
IT Operations Management is the management of all technology components within an organization. This includes infrastructure, applications, services, storage, and network connectivity.
The ultimate goal of ITOM is to ensure a company’s processes and services are always available and efficient.
While the function of IT Operations Management differs from company to company, the key responsibilities include:
- IT and Desktop support: Help desk management, user provisioning and access management, and backup and disaster planning
- Device management: including servers, mobile devices, and more.
- Network infrastructure: Ensuring external and internal network connectivity, access for remote users, and resolving network-related issues
WHAT IS CYBERSECURITY ASSET MANAGEMENT?
Cybersecurity Asset Management is the process of gathering asset data (devices, cloud instances, and users) to strengthen core security functions, including:
- Detection and response
- Vulnerability management
- Cloud security
- Incident response
- Continuous control monitoring
Many common responsibilities of ITOM are prerequisites to a successful Cybersecurity Asset Management program. These include:
NETWORK INFRASTRUCTURE MANAGEMENT:
- Taking an inventory and monitoring all company owned networks
- Managing network access, both for employees and people external to the company
- Ensuring newly provisioned IT assets (desktops, laptops, mobile devices, servers, and even IoT and cloud instances) have necessary security controls
- Ensuring devices are running company sanctioned software and applications
IT AND DESKTOP SUPPORT:
- Resolving incidents
- Creating and managing user profiles and system access
Tools used for IT Operations Management ultimately help ensure IT assets are always available and used efficiently. But they don’t necessarily ensure that they are secure.
Cybersecurity Asset Management tools are used to track all IT assets, correlate data pertaining to each asset, and understand how assets meet company security policies and processes.