[ISM3 Users] Tuesday Insight: Environments
Vicente Aceituno
vac at zenobia.es
Wed Jul 11 09:25:54 CEST 2007
> "All conceivable" and "too much" are emotive terms, Vicente.
You are right.
> I would argue that comprehensive, accurate and up-to-date (a.k.a. high
> quality) data on information assets means better informed and hopefully more
> accurate management decisions.
> A high quality information asset inventory/database, shared
> amongst various departments, can be used for multiple purposes e.g.:
> - information security risk assessments and compliance assessments
> (including SOX)
> - financial valuations and depreciation
> - insurance purposes
> - software license management
> - information/data management
> - change and configuration management including change planning and
> redeployment/greater use of dormant assets
> - contingency planning
> - performance management and capacity planning
> - physical management (e.g. power requirements and heat load)
> - vulnerability management
You are right, at an operational management level (OSP processes) an
inventory is incredibly useful.
At tactical and strategic levels of management (TSP and SSP) the
inventory is no good. You need a model of your organization and your
IT more meaningful (and more coarse grained as a side effect)
When I think management, I normally think of tactical and strategic levels.
Can you imagine a CEO asking a CISO to tell him how are IT systems
protected and the CISO handing out a copy of the inventory?
Vicente
More information about the Users
mailing list