Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

ISO/IEC27000: Asset Management

by Sharon Everson
June 20, 2016

Managing changes among hardware and software assets on a network can be a difficult challenge for any organization to monitor effectively. Many of today’s asset management tools lack complete visibility, and do not account for rapid changes among assets that traverse the network. With this report, organizations can obtain valuable information on changes to hardware assets, number of hosts, software versions, and any unauthorized assets.

The ISO/IEC 27002:2013 provides a framework that can be used to develop and enhance information security policies for any organization. Each security control and objective provided within the standard can be tailored to specific business and regulatory objectives, and assist with maintaining overall compliance. This report aligns with the ISO/IEC 27002 8.1.1 and 8.1.2 controls. Each chapter provides detailed information on various types of hardware and software assets, which can help to ensure an accurate asset inventory.

The ISO Asset Management report provides information on new and existing hardware assets, infrastructure devices, servers, and software. Hosts are detected and organized by asset list and Class C addresses. Device summary information will present details on current network infrastructure devices, web server types, mobile, wireless, VOIP, and more across a network. This chapter can benefit the organization by detecting unauthorized devices, which can help to reduce blind spots.

Information on top operating systems, desktop software, databases, and e-mail clients can help analysts to track and control software inventory. Organizations will find this information beneficial in identifying outdated and unsupported software that may be at end of life. In addition, organizations can use this report to track assets throughout their life cycle. Knowing what assets are on a network will allow an organization to quickly generate an accurate inventory of assets, which can aid in maintaining compliance and reducing overall risk.

This report is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The report can be easily located in the Tenable.sc Feed under the category Compliance & Configuration Assessment. The report requirements are:

  • Tenable.sc 5.3.2
  • Nessus 8.5.1
  • LCE 6.0.0
  • NNM 5.9.0

Tenable.sc Continuous View (CV) provides continuous network monitoring, vulnerability identification, risk reduction, and compliance monitoring. Nessus is continuously updated with information about advanced threats and zero-day vulnerabilities, and new types of regulatory compliance configuration audits. NNM and Nessus both have the capability to discover operating systems, software, network devices, hypervisors, databases, tablets, phones, servers, and other critical assets. Tenable.sc CV allows for the most comprehensive and integrated view of network health.

The report contains the following chapters:

  • Executive Summary: The Executive Summary chapter provides a high-level overview of current hardware and software assets on a network. Elements will include a summary of new devices and services, infrastructure devices, operating systems, and installed software. This report aligns with the ISO ISO/IEC 27002 8.1.1 and 8.1.2 controls, where all assets should be identified, accurate, and up to date.
  • Devices Summary: The Devices Summary chapter provides a compressive summary of various infrastructure devices, and server types. A chart of the top detected web servers presents a combined look at the top web servers on a network. Web servers detected actively by Nessus and passively by Nessus Network Monitor (NNM) are also presented. Additional devices included within this chapter are MDM mobile, scanned mobile, wireless, VoIP, and SCADA devices.
  • Server Summary: The Server Summary chapter provides the latest information on detected server types within a network. Elements within this chapter will include web servers that have been actively detected by Nessus, and passively detected web servers by NNM.
  • Software Summary: The Software Summary chapter presents a list of top operating systems, list of current software, unsupported, database servers, e-mail servers, and desktop application suites. This information can help to identifying outdated software that may have been missed by scans. Additionally, this chapter can provide valuable information to organizations on software licensing, and what is in use on the network.
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.