
ISO/IEC27000: Asset Management

by Cody Dumont
June 20, 2016

As organizations continue to adopt regulatory and compliance frameworks, one of the most crucial steps in maintaining overall compliance is having an accurate asset inventory. Any gaps in scanning an organization’s asset inventory can allow unauthorized hosts, vulnerable systems, and malicious software to infiltrate an organization’s network. This Assurance Report Card (ARC) can assist organizations in identifying both authorized and unauthorized systems, and in verifying whether assets are being scanned on a regular basis.

Asset management provides organizations with a complete picture of the location and status of hardware and software assets on the network. Having an accurate inventory can assist organizations with establishing an accurate baseline, and assist with improving licensing costs, auditing, and compliance requirements. This Assurance Report Card (ARC) aligns with the asset management controls of the ISO/IEC 27002 framework, which helps to ensure that physical devices, systems, and software applications are inventoried on a continuous basis.

Attackers are using increasingly sophisticated ways to gain control over critical network assets. Having unknown or unauthorized assets can lead to data leakage, compromised hosts, and leave critical systems vulnerable to attack. An effective asset management program will help organizations to quickly identify existing assets, and prioritize security risks. In addition, organizations will be able to quickly identify and remediate any gaps within security policies on the network.

This ARC provides a comprehensive look into an organization’s current hardware and software assets, and whether inventories are being updated. Systems and vulnerabilities are identified using a combination of active scans by Nessus and passive scans by the Nessus Network Monitor (NNM). Devices that connect to the network intermittently will be detected by NNM. Organizations will be able to verify whether any wireless access points or scanned mobile devices are present on the network. Additional policy statements will detect assets running unsupported software, and assets with Microsoft Office or Adobe applications installed. Having complete visibility into current network assets will allow organizations to quickly detect, respond to, and prevent unauthorized assets on the network. Policy statements can be customized as needed to meet organizational requirements.

This ARC is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The ARC can be easily located in the Feed under the category Compliance. The ARC requirements are:

  • Tenable.sc 5.3.2
  • Nessus 8.5.1
  • LCE 6.0.0
  • NNM 5.9.0

Tenable.sc Continuous View (Tenable.sc CV) is the market-defining continuous network monitoring platform. Tenable.sc CV includes active vulnerability detection with Nessus and passive vulnerability detection with Tenable Nessus Network Monitor (NNM), as well as log correlation with Tenable Log Correlation Engine (LCE). Tenable.sc CV can help an organization continuously monitor and measure the effectiveness of security controls. Using Tenable.sc CV, an organization will obtain the most comprehensive and integrated view of its network assets.

ARC Policy Statements:

At least 70% of actively and passively detected systems have been scanned: This policy statement displays the number of systems that have been scanned as a ratio of the total number of actively and passively detected systems. If the policy statement requirement is met, the result is displayed in green; otherwise, the result is displayed in red. Systems on the network are detected both passively by NNM and actively by Nessus. To ensure that every system is properly identified and evaluated, all systems should be actively scanned by Nessus on a continual basis.

At least 70% of systems are registered in DNS: This policy statement displays the number of systems that have a Fully Qualified Domain Name (FQDN) in DNS as a ratio of the total number of systems that have been detected on the network. If the policy statement requirement is met, the result is displayed in green; otherwise, the result is displayed in red. Systems on the network are detected both passively by NNM and actively by Nessus. Any detected device without an FQDN in DNS could be an unknown or unauthorized device, and should be further investigated.

Scanned mobile devices that have been detected within the last 7 days: This policy statement displays the number of scanned mobile devices that have been detected within the last 7 days as a ratio of the total number of scanned mobile devices. If the policy statement requirement is met, the result is displayed in green; otherwise, the result is displayed in red. Scanned mobile devices detected within this policy statement are considered unmanaged/non-MDM mobile devices. Unmanaged mobile devices often remain unpatched for long periods of time, and can present serious security risks for an organization. Organizations should monitor all scanned mobile devices to verify that each device is authorized and up-to-date.

Wireless access point devices that have been detected within the last 7 days: This policy statement displays the number of wireless access point devices that have been detected within the last 7 days as a ratio of the total number of wireless access point devices. If the policy statement requirement is met, the result is displayed in green; otherwise, the result is displayed in red. Many organizations utilize wireless access points (WAPs) for mobile and portable device connectivity. Unauthorized or rogue WAPs can provide attackers with the ability to subvert security policies and install malicious code on critical systems. All systems should be monitored to detect and prevent rogue WAPs from accessing network resources.

At least 70% of systems have been inventoried for Microsoft Office or Adobe applications: This policy statement displays the number of systems on which Microsoft Office or Adobe applications have been detected as a ratio of the total number of systems where software enumeration has been conducted. If the policy statement requirement is met, the result is displayed in green; otherwise, the result is displayed in red. The results are monitored to determine when software was last inventoried for Microsoft Office or Adobe applications. Most organizations have license keys associated with Microsoft Office and most Adobe applications. Information included within this policy statement can provide an assessment of current license keys that may be in use.

Less than 5% of systems are running unsupported software: This policy statement displays the number of systems with unsupported software installed as a ratio of the total number of systems that have been detected on the network. If the policy statement requirement is met, the result is displayed in green; otherwise, the result is displayed in red. Software on a network that is no longer supported by the vendor can present serious security risks for an organization, as any software vulnerabilities will no longer be patched. This software may include outdated operating systems, applications, browsers, or other software. Unsupported software should be monitored regularly to determine whether the software should be updated or removed, or whether additional security controls should be deployed.
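To make the ratio logic behind the three thresholded policy statements concrete, here is an added example (not code from Tenable or from the ARC itself) that evaluates them over a constructed asset inventory and lists the hosts a reviewer would follow up on: passively detected hosts that were never actively scanned, and detected hosts with no FQDN in DNS. The inventory, addresses and hostnames are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Asset:
    ip: str
    active: bool          # detected by an active Nessus scan
    passive: bool         # detected passively by NNM
    fqdn: Optional[str]   # FQDN found in DNS, or None if unregistered
    unsupported: bool     # vendor-unsupported software detected on the host

# Constructed sample inventory (hypothetical addresses and names).
INVENTORY = [
    Asset("10.0.0.1", True, True, "gw.corp.example", False),
    Asset("10.0.0.2", True, False, "web1.corp.example", False),
    Asset("10.0.0.3", True, True, "db1.corp.example", True),
    Asset("10.0.0.4", False, True, None, False),   # NNM-only, no DNS record
    Asset("10.0.0.5", True, True, "hr1.corp.example", False),
    Asset("10.0.0.6", False, True, "printer.corp.example", False),
    Asset("10.0.0.7", True, False, None, False),
    Asset("10.0.0.8", True, True, "mail.corp.example", False),
    Asset("10.0.0.9", True, True, "app2.corp.example", False),
    Asset("10.0.0.10", False, True, None, True),   # NNM-only, unsupported software
]

def percent(part, whole):
    """Percentage of 'whole' that 'part' represents; 0 when nothing was detected."""
    return 0.0 if whole == 0 else 100.0 * part / whole

def evaluate(inventory):
    """Return {statement: (percentage, passed)} for the three thresholded statements.
    'At least' maps to >=, 'less than' maps to <, matching the ARC wording."""
    detected = [a for a in inventory if a.active or a.passive]
    scanned = percent(sum(a.active for a in detected), len(detected))
    in_dns = percent(sum(a.fqdn is not None for a in detected), len(detected))
    unsupported = percent(sum(a.unsupported for a in detected), len(detected))
    return {
        "scanned": (scanned, scanned >= 70),
        "dns": (in_dns, in_dns >= 70),
        "unsupported": (unsupported, unsupported < 5),
    }

def gaps(inventory):
    """Hosts that need follow-up regardless of whether the thresholds were met."""
    detected = [a for a in inventory if a.active or a.passive]
    return {
        "not_scanned": [a.ip for a in detected if not a.active],
        "no_fqdn": [a.ip for a in detected if a.fqdn is None],
        "unsupported": [a.ip for a in detected if a.unsupported],
    }

if __name__ == "__main__":
    for name, (pct, ok) in evaluate(INVENTORY).items():
        print(f"{name:12s} {pct:5.1f}%  {'green' if ok else 'red'}")
    print(gaps(INVENTORY))
```

The gap lists matter more than the colour: a statement can show green at exactly 70% while three hosts still sit outside active scanning and DNS.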
