Have an up-to-date inventory of workstations and servers

The objective is to have up-to-date knowledge of all servers and workstations in use. This understanding helps you identify possible attack vectors and essential assets for your organization. In case of an incident it can help you to detect where the problem comes from and potentially which supplier you need to contact. Keeping an inventory of your IT assets allows you to understand the scope of your essential assets. It also helps you to identify those resources that are no longer used but have not yet been decommissioned.

Maintain a list of all PC's and Laptops that connect to your network, including basic information as who is the owner of the device.

Maintain a list of all the servers in your network. Categorise them by different server-types, based on purpose and/or operating system.

For each server-type (e.g. Linux mail Server, Windows File Server), a different risk assesment will be needed

Continue improving your workstation and server inventory, and add important information that will help you assess, evaluate or respond quicker to Incidents. You should be aware, for each server, of at least the following info:

Workstations:

Workstation Type (Laptop, Desktop, Tablet,...)
Workstation Brand and model
Waranty, Support Info and Service Contract
Owner
Operating System
Installed Applications

Servers

Server Brand, Type and Vendor
Waranty, Support Info and Service Contract
Purpose, applications and owner
Server Name, IP Addresses, Domain joined or not
Baseline Configuration
Maintenance windows
Recent Changes

TASK

Have an up-to-date inventory of internet connected servers.

TASK

Have an up-to-date inventory of workstations.