Cybersecurity Technology Asset Management Assessment


Cybersecurity is not just an IT problem; it is a business problem. Executive managers and board members are now being held accountable for data breaches. While we live in a world of continuous, escalating, malicious, and potentially massive threats. Executives and board members that do not understand the full scope of exposure to the business are compromised in their ability to guide and oversee the construction of the cybersecurity strategy.

One of the most fundamental aspects of a successful cyber program is understanding and controlling the technology base; the vital hardware and software assets on which the business runs. Without comprehensive and unified visibility into all technology assets – on-network, off-network, physical, virtual, software, cloud subscriptions, etc. – organizations cannot effectively determine their cyber risk profile. Even the most basic of cyber hygiene approaches such as patching, anti-virus, and disk encryption will be inherently flawed if they are based on incomplete asset data.

For over two decades, our experts have been instrumental in helping organizations of all sizes and across all industries and geographies to minimize cyber exposure and protect their brand’s reputation. 

In this assessment, we’ve taken our experience with hundreds of clients in the private and public sector and distilled it into the 14 critical factors we’ve observed to be the ones that are most likely to be reducing your visibility into the technology asset base and thus increasing your business risk. This analysis is designed to give you rapid insight into your specific situation, while providing a high-level view of why these issues are important.

If you're ready, let's begin with some identifying information. 

First, please tell us who you are, where you are, and how to contact you:






( ) -

1. Governance: Has a technology asset governance (IT asset management) strategy, which is aligned to the business strategy, been documented and approved by management?:

2. Business Outcomes: Have the business outcomes required from the IT asset management program been clearly aligned with the needs of IT security?:

3. Centralized Data: Is there a functioning central repository application which aggregates data on all technology assets both on-network and off-network to create a “single source of credible truth”?:

4. New Asset Acquisition: Do all hardware and software purchases made anywhere in the organization follow a consistent process to record the new asset in the central repository in a timely manner every time?:

5. Information Detail: Does the asset management program provide detail about the assigned end-user, physical location, business usage, and criticality of the asset?:

6. Lifecycle Updates: Are all changes to an asset’s location and end-user assignee recorded in the central repository quickly and accurately as the asset moves throughout its life (order, receive, deploy, move, decommission, dispose)?:

7. Unauthorized Software: Does your organization maintain a list of authorized and unauthorized software and do you consistently remove unauthorized software?:

8. Software Reclamation: Are you able to identify and consistently reclaim installed but unused software?:

9. Off-Boarding Reclamation: Are you able to identify and consistently reclaim all company-issued hardware devices at personnel off-boarding?:

10. Out of Possession: Do you have a defined process in place to quickly and effectively respond when computing equipment is lost or stolen?:

11. Discover/Configuration Scanning: Is a uniformly-deployed discovery tool in place to investigate and report on the internal configuration of all network-connected computing assets?:

12. Used & Refurbished: Does your organization acquire any used or refurbished equipment and are you certain it has been sufficiently sanitized before it is introduced into the environment?:

13. Hardware End-of-Life: Are you certain that your organization’s current process for hardware asset disposal is compliant with all applicable laws, regulations, and security industry best practices?:

14. Software License Management: Do you know the software license entitlements, usage, and compliance status for all of your high-impact software publishers?:


Thank you for completing the Cybersecurity / Asset Management questionnaire. Our expert advisor will prepare your complimentary assessment report and contact you to discuss the findings and recommendations.