Have an up-to-date inventory of workstations and servers

The objective is to have up-to-date knowledge of all servers and workstations in use. This understanding helps you identify possible attack vectors and essential assets for your organization. In case of an incident it can help you to detect where the problem comes from and potentially which supplier you need to contact. Keeping an inventory of your IT assets allows you to understand the scope of your essential assets. It also helps you to identify those resources that are no longer used but have not yet been decommissioned.

Maintain a list of all PC's and Laptops that connect to your network, including basic information as who is the owner of the device.

Maintain a list of all the servers in your network. Categorise them by different server-types, based on purpose and/or operating system.

For each server-type (e.g. Linux mail Server, Windows File Server), a different risk assesment will be needed.

Continue improving your workstation and server inventory, and add important information that will help you assess, evaluate or respond quicker to Incidents. You should be aware for each system of at least the following information:


  • Workstation Type (Laptop, Desktop, Tablet,...)
  • Workstation Brand and model
  • Waranty, Support Info  and Service Contract
  • Owner
  • Operating System
  • Installed Applications


  • Server Brand, Type and Vendor
  • Waranty, Support Info  and Service Contract
  • Purpose, applications and owner
  • Server Name, IP Addresses, Domain joined or not
  • Baseline Configuration
  • Maintenance windows
  • Recent Changes


Have an up-to-date inventory of internet connected servers.


Have an up-to-date inventory of workstations.