One of the many initiatives at the company I work for is to take a full inventory of all the network devices within the company. This is to stay ISO 27001 compliant. An advantage of being 27001 compliant is that it forces a company to be accountable and know every device that communicates across the network. A disadvantage is that for a very large company that is just starting to work within the framework, can struggle with the asset management portion. I’m a student at UAT and also work as an IT manager for a decent size corporation (40k+ employees). The problem that I see come up is that some network devices do not have any information on them as far as their purpose, what team supports them, etc. Bad asset management from the start it seems. In trying to detect the multitude of network devices that are like this, what are some methods that have helped you? I know a port scan can be effective but it’s only as good as the timeframe that it’s being run. Has anyone run into this particular problem as well and what have you done to rectify the situation?
October 29, 2013 11:08 AM