The first thing an information security manager should do after identifying suspicious activity on a PC that is not in the organization’s IT asset inventory is to determine why the PC is not included in the inventory. This will help to identify the source and scope of the threat, as well as the potential impact and risk to the organization. The IT asset inventory is a list of all the hardware, software, data, and other resources that are owned, controlled, or used by an organization. It helps to establish accountability, visibility, and control over the IT assets, as well as to support security policies and procedures.
If a PC is not included in the inventory, it may indicate that it has been compromised by an unauthorized user or entity, or that it has been moved or transferred without proper authorization. It may also indicate that there are gaps or errors in the inventory management process, such as missing records, duplicate entries, outdated information, or inaccurate classification. These issues can pose significant challenges for information security management, such as:
Lack of visibility into the IT environment and assets
Difficulty in detecting and responding to incidents
Increased risk of data breaches and cyberattacks
Non-compliance with regulatory requirements and standards
Reduced trust and confidence among stakeholders
Therefore, an information security manager should take immediate steps to investigate why the PC is not included in the inventory and take appropriate actions to remediate the situation.
References: CISM Manual, Chapter 6: Incident Response Planning (IRP), Section 6.2: Inventory Management [1]
[1] https://store.isaca.org/s/store#/store/browse/cat/a2D4w00000Ac6NNEAZ/tiles