# Asset Management Asset Management is a [[Foundational Capabilities|Finance]] capability which divides asset management into different types with IT and Digital Asset Management commonly delegated to the Information Technology capability owner. Digital and IT assets are recorded by Information Technology within an asset database which works closely with Finance to support the organization's technology investments and financial reporting. [[Cybersecurity]] capabilities directly depend on IT and Digital Asset Management, using this information as an input for [[Adversary Research]] and [[Incident Containment]]. From this information, Cybersecurity stewards can assess the value of an asset from and adversary perspective. Cybersecurity capabilities may also find unrecorded or unmanaged IT and Digital Assets through their work of verifying security controls or during incident containment, which is then information that will need to be updated in the asset database. If cybersecurity capabilities amass a significant amount of digital asset data not tracked within an asset database, it is likely that the company has an Asset Management gap as a root cause for cybersecurity incidents. ## Map ``` mermaid <!-- element style="width:90%; height:auto" --> graph TD subgraph two[Foundational] subgraph subPadding1[ ] direction LR F[Application Management] G[Asset Management] H[Backup and Recovery] I[Code Management] J[Data Management] K[Device Management] L[Domain Management] M[Email Management] N[Identity and Access Management] O[Log Management] P[Network Management] Q[Policy Automation] R[Stream Processing] S[Third Party Management] T[Training] F ~~~ G G ~~~ H H ~~~ I I ~~~ J K ~~~ L L ~~~ M M ~~~ N N ~~~ O P ~~~ Q Q ~~~ R R ~~~ S S ~~~ T end end %% Class Definitions %% ===================== class two subPadding; classDef subPadding fill:none,font-size:20px; class subPadding1,subPadding2 subgraph_padding; classDef subgraph_padding stroke:none,fill:none,margin:0; class F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T internal-link,font-color:white; class Top cssClassL0; classDef cssClassL0 fill:black,stroke:#333,stroke-width:4px,font-size:15px,font-color:white; class A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T cssClassL1; classDef cssClassL1 fill:gray,stroke:#333,stroke-width:0px,font-size:15px,font-color:white; class G cssClassCurrent; classDef cssClassCurrent fill:#2f9503,stroke:#2f9503,stroke-width:4px,font-size:15px,font-color:white; ``` ## Maturity Model | | Stage 1 | Stage 2 | Stage 3 | Stage 4 | Stage 5 | | ------------- | -------------- | ----------------------------------- | ------------------------ | ------------------ | ------- | | **Category** | Asset Tracking | Asset Discovery<br><br>Integrations | | Asset Traceability | | | **Dependent** | | [[Seed Management]] | [[Asset Fingerprinting]] | | | ## Requirements | Category | Guidance | Dependent Capability | Adversary Persona | | ------------------ | --------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | ------------------ | | Asset Discovery | + Document all assets for the organization.<br>+ Ability to group assets dynamically and with business context. | [[Seed Management]] | | | Asset Traceability | + Map infrastructure to applications.<br>+ Asset location can be determined from traceability of a system to its supported application. | | | | Asset Tracking | + Assets can be assigned a unique identifier.<br>+ Asset lifecycle can be tracked with status. | [[Asset Fingerprinting]] | [[Script Kiddies]] | | Integrations | + Provides an ability for asset intelligence to be gathered from other supporting tools. | | | ## Metrics [[Metrics]] provide insights that lead to improvement. >[!cm-metric] Metric: [[% of Active IT Assets vs. Total Managed Assets]] >[!cm-metric] Metric: [[Total Managed Digital Assets]] >[!cm-metric] Metric: % of IT + Digital Assets vs. Total Assets >[!cm-metric] Metric: Growth of IT + Digital Assets YoY >[!cm-metric] Metric: % Crown Jewels vs. Total Assets ## Inspiration & Resources + [ISO/TS 55010:2019 - Asset management — Guidance on the alignment of financial and non-financial functions in asset management](https://www.iso.org/standard/72700.html) + [GFMAM Asset Management Landscape](https://gfmam.org/sites/default/files/2019-08/GFMAM_ASSET%20MANAGEMENT%20MATURITY_FIRST%20EDITION_ENGLISH%20VERSION.pdf) + [IT Asset Management (nist.gov)](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1800-5.pdf) ## Release Notes + [[WIP - Q3 2024 Release#Document Foundational Capabilities and Develop Templates for sub-pages]] ## [Cyber City Map](https://cybercitymap.com/) © 2023-2024 by [ThirdScore, Inc.](https://thirdscore.com/) All Rights Reserved.