CIS Controls: Hardware Asset List

#1 on the CIS security controls top 20 list is an “inventory and control of hardware assets.” Will refer to it as a hardware asset list for this post. While a lot of organizations do have a form of a hardware asset list, most lists are incomplete and missing simple items like keyboards and mice (more on that later). Of course there are some organizations that do not have a list at all. I’ll cover reasons why I think a hardware asset list is important for every organization to have as well as point out a few items that are often missing from hardware asset lists.

Read More

CIS Controls: Software Asset List

#2 on the CIS security controls top 20 list is an “inventory and control of software assets”.  While there are several reasons why this is an important control to have in place, most organizations do not have one. Here are a few of the main reasons I feel a software asset list is important for every organization to have. Hopefully these key points will help security/compliance professionals provide the justification they need to get a software asset list on the roadmap to complete.

Read More