Asset discovery and valuation is the cornerstone of all successful cybersecurity and privacy programs. Absent this, you don’t know what you’re protecting and—even worse—at what cost.
What is Asset Discovery?
Asset discovery is the process of finding and cataloging all assets that exist in a business’s network. Assets can be physical like a computer, or intangible, like the cloud.
3 Ways to Conduct an Asset Disovery
Asset discovery and valuation is always the first and most critical step in any cybersecurity program. There are several ways to go about it:
- If your organization is small enough, you can manually attempt to inventory the assets. Obviously this can be a time consuming and involved process. If done right, however, it will result in a highly accurate picture of assets and values.
- If the organization is above a certain size, or in multiple locations, then automated asset discovery becomes a necessity. Specialized software is used to scan the infrastructure, identity assets, catalogue them, and value them. The problem with automated discovery is that you can’t know what you don’t find. Therefore, it should always be checked against the real environment to identify anything missed.
- Quite commonly, the type of asset discovery used is a hybrid version of the two above. You utilize some automation to create a baseline and manually fill in the blanks. This cuts down on the asset discovery time and ensures completeness.
Common Methods to Assess Value
Once an organization has identified its assets, it needs to assess their value. There are a number of different methods for valuing assets, each with its own advantages and disadvantages.
1. Total Cost.
The most common methods include the asset’s historical cost (what the organization paid for it), the replacement cost (what the organization would have to pay to replace it), the market value of the asset (what it would fetch in the open market if sold) and the book value of the asset (an accounting methodology that derives the value by subtracting the depreciation of the asset from its historical value).
Once complete, asset identification and valuation create the control boundary—a budgetary boundary which if exceeded will mean that you’re paying more to protect the asset than what it is worth. Needless to say, this is something that you must avoid.
Do you need to perform an asset identification and valuation? Let us know. We can help you make sure you make the most of it and avoid the common pitfalls that plague your competitors.