Asset inventory
P.Leclercq in Security 2025-08-01 governance security tips
Why an inventory?
Before delving further into Cyberfundamentals, we’ll address an issue that isn’t explicitly listed in the texts, but which is fundamental to meeting the following requirements: asset inventory. Indeed, “how do you protect what you don’t know?” is a well-known saying in security.
The goal of this process is therefore to create a list of the assets required by the business for information management: data, hardware, and software. Quick and easy to say, not so quick in practice. We quickly end up with hundreds of items, overly frequent updates, and the question of granularity: what level of detail do we stop at? Should we go as far as a device’s power cord?
Process and structure
We’ll start with the simplest: hardware. Sit at your workstation and make a list of what you use: a computer (including its monitor, keyboard, and mouse), an external hard drive, and a telephone. Look around and note the items you see: a printer, possibly another computer. Follow the network cables: a switch, a router, the internet provider’s modem. Continue if your infrastructure is more extensive.
As you go, complete a list similar to the following:
| Index | Name | Type | Brand | Owner | Location | Label | Note |
|---|---|---|---|---|---|---|---|
| 1 | Boss PC | Computer | HP | John Doe | Main office | PC1 | |
| 2 | Printer | Laser Printer | Canon | John Doe | Main office corner | PR1 | |
| 3 | Internet | Router | Crazytel | John Doe | Cabinet next to front door | ROUT1 |
You can find an example spreadsheet here.
Labeling
You may have noticed a Label column. It is recommended to affix a label to company equipment indicating its ownership and bearing a unique name or number to facilitate inventory verification. This can also be useful in case of theft. Preferably, use non-removable labels and permanent markings.
Verification and update
Obviously, such a list must be updated when new equipment is purchased or when old ones are decommissioned. Furthermore, an annual verification is recommended at least once a year.
Conclusion
An asset inventory is a fundamental element for meeting other security requirements and ensuring that protective measures cover the entire scope of assets.