Why it is important to make an inventory of hardware and software devices
Taking an inventory of hardware and software devices used for business purposes allows companies to better manage their IT resources while avoiding waste and, above all, risks from possible cyber attacks and mismanagement.
What the inventory must keep track of
The inventory, which must be updated periodically, will show not only the physical devices (hardware), but also the programmes (software) and all IT systems, services and applications used within the company perimeter.
The inventory must also include devices such as cellular phones, tablets, laptops and other portable electronic devices that store or process data that must be identified, whether or not they are connected to the organisation's network.
For all devices that have an IP address, the inventory must indicate the names of the machines, the system function, an owner responsible for the resource and the associated office.
Download the Cyberangels template to carry out your inventory!
Template to be filled out in which you can keep track of the software and hardware in use in the company.
Within the template it is also possible to keep track of suppliers.
Define practices to keep the inventory up-to-date
The inventory must be updated periodically by the person in charge.
When new devices and software are installed or connected to the network, the inventory must be updated immediately.
Here, then, are the steps to be taken periodically to keep the inventory up-to-date:
implement a 'whitelist' of authorised applications, blocking the execution of software not included in the list. The 'whitelist' can be very broad to include the most popular software;
perform regular scans on systems to detect the presence of unauthorised software;
deactivate accounts that are no longer used (outdated passwords and important data/information);
register to external services exclusively via company e-mail and not with personal credentials;
draw up a comprehensive list of removable media (USB) given the widespread unawareness of the use of such devices;
understand from the terms of service documents how and in what way corporate data will be managed by web service providers (social and cloud);
appoint a person responsible for coordinating data/information management and protection activities.