Computerworld
Home News Blogs In Depth ReviewsWhite Papers Newsletters IT Jobs

resource center


Ads by TechWords

See your link here

Newsletter Sign-Up

Receive the latest technology news and information.
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Is an asset inventory in your company's future?

By Peter H. Gregory
May 22, 2003 12:00 PM ET
Recommended
(0)
Digg
Share/Email

Computerworld - Do you know where all the licensed (and unlicensed) copies of Visio 2000, Yahoo tool bar, Xupiter DLLs or Outlook Express are in your company's systems? Do you know who still has the Windows Messenger Service turned on? If not, it may be time for a hardware and software asset inventory.


There was a lot of buzz about asset inventory at last month's 2003 RSA Security conference in San Francisco. It was an emerging theme that came through for those who attended sessions on vulnerability management, patching, intrusion detection, security management, emergency response and selling security to senior management. You can't protect your information and the information infrastructure if you don't know what it contains. In other words, you must have an inventory of your assets.


That makes sense, so what's the issue here? There are plenty, according to Steve Crutchley, chief security officer and co-founder of 4FrontSecurity, an enterprise security services firm in Reston, Va. At the RSA conference, Crutchley discussed ways to make information security relevant for an organization's board of directors. "Many organizations I have counseled lack an effective asset inventory. Without an asset inventory, how are the systems and network engineering groups supposed to sift through security alerts and know which ones apply to them and which can be discarded?" he said.












Peter H. Gergory
Peter H. Gregory, CISSP, CISA, is an information technology and security consultant, a freelance writer and an author of several books, including Solaris Security, Enterprise Information Security, and CISSP for Dummies. As a consultant he provides strategic technology and security services to small and large businesses.


He can be reached at p.gregory@hartgregorygroup.com.
His Web site is www.hartgregorygroup.com.

Many organizations have attempted to collect and maintain effective inventories of their IT assets, including data centers and desktops, to support total cost of ownership (TCO) and activity-based costing (ABC) efforts in the 1990s. Generally, these initiatives failed because the effort required to build and maintain an asset inventory was far greater than expected. Since then, many asset inventory programs have fallen into disrepair (see story).


Blended threats raise the bar


The phenomenon known as "blended threats," whereby worms and Trojan horses use multiple propagation paths (see story), is ushering in a new generation of security products that contain the best of intrusion-detection system tools and the automated processing of vulnerability alerts from product manufacturers and the CERT Coordination Center.


These products fall into the new niche known as vulnerability management. They work by keeping tabs on the latest vulnerability alerts, cross-referencing them against your hardware and software and creating "hits" when the two intersect. These hits translate into tasks where a systems administrator or network engineer needs to install a patch, change a configuration or mitigate the new vulnerability by some other means.

Recommend Digg Twitter ShareThis
Email Print Send Feedback Reprints


Jump to comments

Security

Additional Resources

Microsoft
DirectAccess and UAG: Better Together
Here are some of the key reasons why you would want to run Unified Access Gateway with DirectAccess.
Microsoft
Case Study: Energy Firm Tightens Protection, Simplifies IT Work
Review how one energy firm tightened protection and simplified IT work using business-ready security solutions.
Sybase
NEXT-GENERATION MOBILITY PLATFORMS
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

White Papers & Webcasts

Why BI is Ripe - Now! - For Businesses of Any Size
Download Now!  

Best Practices for Database High Availability
View now!

Rapid Implementation: The New Age of ERP
Download Now!  

Consolidate Your Servers and Storage to Lower Costs with Oracle Database 11g
View this webcast!

Leveling the Field: Powerful Software Solutions for Midsize Companies
Download Now!  

Maximize ROI for Web Applications
Register for this webcast now!

IDC Research Report: The Business Value of Consolidating on Energy-Efficient Servers
Download this Resource Now!  

WAN Optimization as a Managed Service: More than Network Cost Savings
View this Webcast Now!

HP Technology Guide for Scalable Business Solutions
Download This Resource Now!  

Asia-Pacific Enterprise Network Solutions
Learn through this Webcast how your business can achieve reliability, performance and value in hard-to-reach locations within the Asia-Pacific region.

All White Papers | All Webcasts

Computerworld Reports

Computerworld Technology Briefing: More than Business Value

Computerworld Briefing: Staffing for Intelligence

8 Questions To Ask About Your Intrusion-Security Solution

All Computerworld Reports

IT Jobs

 

SAS Information Management Kit

SAS is the leader in business intelligence and analytical software and services. Only SAS offers leading data integration, storage, analytics and business intelligence applications within a comprehensive enterprise intelligence platform. SAS gives 97 of the top 100 companies in the 2007 Fortune 500 THE POWER TO KNOW®.
Webcast: The Information Management Roadmap
Imagine high-quality data, cleansed, analyzed and delivered throughout your organization. Join Computerworld, IT visionary Thornton May and a panel of experts to learn how SAS® can help you make it happen.

View this webcast 
Research Report: Information Management Initiatives at Midsize and Large Organizations
See the top-line results of this Computerworld sponsored survey to see how IT and business leaders are handling information management implementation.

Download this report 
White Paper: Information Management: Better Information for Winning Decisions.
This white paper explains how the SAS Information Evolution Model aids companies in assessing how they use this information to make strategic decisions and drive business.

Download this white paper 
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures
IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard
Copyright © 1994 - 2010 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.