A.7 Asset management

A.7.1 Responsibility for assets

Objective: To achieve and maintain appropriate protection of organizational assets.

A.7.1.1 Inventory of assets

Control

All assets shall be clearly identified and an inventory of all important assets drawn up and maintained.

A.7.1.2 Ownership of assets

Control

All information and assets associated with information processing facilities shall be ‘owned’ by a designated part of the organization.

A.7.1.3 Acceptable use of assets

Control

Rules for the acceptable use of information and assets associated with information processing facilities shall be identified, documented, and implemented.

Lumension Risk Manager provides a comprehensive view across hundreds of global regulations, mandates and internal policies improving the efficiency of controls and reducing risk.  Lumension Risk Manager helps create an IT Asset Catalog with Comprehensive Resource Types: Going beyond just IP-addressable assets, all resource types are included, such as applications, databases, servers, networks, data centers, people and processes.

For more details on Lumension Risk Manager

Encryption Partners

 Check Point have fully implemented the Point Sec product to their Full Disk Encryption range in order to offer security management and data protection.  FIPS-140-2 Certified

  CREDANT Technologies offers the flexibility to choose the encryption solution that best meets your data protection and compliance needs, delivering data encryption across any endpoint - desktops, laptops, handheld devices and removable media - including our patented, intelligent data encryption solutions as well as new hardware and software-based full-disk encryption offerings.  FIPS-140-2 Certified

 DES's award winning DESlock+ encryption software helps organisations and individuals to protect against all types of data breach by offering a simple, yet extremely powerful set encryption tools to protect data in transit and at rest. To meet the needs of Government and corporate bodies the DESlock+ software is certified in the UK by CESG - the UK national technical authority for information, assurance under its Claims Tested Mark (CCTM) scheme. DESlock+ also meets the rigorous FIPS-140-2 standard in the US and is validated by the National Institute of Standards and Technology (NIST). Available as DESlock Standard or DESlock PRO  

Safend Encryptor enforces an enterprise wide encryption policy to protect the data stored on laptop and desktop hard disks, so that sensitive data cannot be read by unauthorized users in the case of loss or theft. Safend Encryptor utilizes Total Data Encryption technology that automatically encrypts all data files, while avoiding unnecessary encryption of the operating system and program files. This innovative concept minimizes the risk of operating system failure, and has a negligible performance impact. Leveraging this unique encryption technology, Safend Encryptor provides transparent hard disk encryption.

IronKey Enterprise secures data with always-on hardware encryption to meet compliance and data protection requirements.  All user data on an IronKey Enterprise drive is encrypted with high-speed, AES CBC-mode encryption. IronKey Enterprise is deployed quickly using the cloud-based IronKey Enterprise Management Service. Administrators are in full control of deployed devices and if needed can remotely disable devices and wipe data. IronKey Enterprise logs device use for reporting and compliance. FIPS-140-2 Certified