• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer

Cybersecurity
Asset ManagementPRESENTED BY

  • Home
  • Features
  • Video
  • Resources
You are here: Home / Features / IT Service Management vs. Cybersecurity Asset Management

IT Service Management vs. Cybersecurity Asset Management

By Noah Simon

At the surface, IT service management (ITSM) shares a lot of similarities to cybersecurity asset management. For starters, understanding all of the assets your organization has (devices, applications, cloud instances, users, and more) is fundamental to both functions.

But the core objectives of ITSM and cybersecurity asset management are very different.

IT service management is about maximizing business value from your IT stack.

Cybersecurity asset management is about knowing everything you have and applying security controls.

What is service management?

IT service management includes all the activities needed to deliver IT services to employees and customers. 

Frequently, this means establishing an IT Service Desk to provide a single point of communication that meets the needs of customers and employees.

There are many other functions of ITSM, too:

  • Asset management: Tracking, updating, and mapping the hardware and software assets of the organization. This is often done using a Configuration Management Database (CMDB)
  • Change management: Minimizing the impact and disruption of services when changes to IT infrastructure need to be made
  • Knowledge management: Sharing and documenting IT information to share across the organization (often in form of a knowledge base)
  • Project management: Planning needed operational changes to IT systems associated with business projects
  • Incident and problem management: Handling single incidents and interruptions to service, and larger problems that may step from multiple issues that have the same root cause

With the rise of agile development, ITSM is now heavily focused on serving DevOps and product-focused teams.

There are a variety of standards for ITSM, but the Information Technology Infrastructure Library (ITIL) framework is the most widely adopted.

What is cybersecurity asset management?

Cybersecurity asset management is the process of gathering asset data (devices, cloud instances, and users) to strengthen core security functions, including:

  • Detection and response: Ensuring detection and response capabilities provide coverage across the enterprise
  • Vulnerability management: Understanding which assets may be vulnerable to exploits, and ensuring all assets are being evaluated for vulnerabilities
  • Cloud security: Ensuring that cloud instances are secure and configured to prevent overly permissive access rights, even when they’re commissioned and decommissioned rapidly 
  • Incident response: Using enriched, correlated data on assets to expedite incident response investigations and remediation
  • Continuous control monitoring: Identifying when security controls are missing and need to be applied

The Similarities Between ITSM & Cybersecurity Asset Management

To be successful, both cybersecurity asset management and ITSM require a full understanding of hardware and software assets.

For ITSM, understanding all assets can be used to better understand the costs of delivering service, and project costs for any changes needed to IT infrastructure.

Cybersecurity asset management revolves around understanding all assets in order to strengthen the overall security posture.

The Differences Between ITSM & Cybersecurity Asset Management

While both functions provide a level of detail around assets, cybersecurity asset management focuses on a comprehensive understanding of all assets and their relationship to security posture, while ITSM centers on delivery with minimal disruption.

ITSM can usually function well even if some assets aren’t accounted for. 

As long as IT services are reaching end-user customers efficiently and there’s minimal disruption, ITSM can enable the business to meet its larger goals.

In contrast, the strength of a cybersecurity asset management practice includes a complete understanding of all assets to minimize an organization’s attack surface. 

This includes knowing where all assets are located, what software exists on them, if they’re being protected by existing security controls, and — most importantly — if the asset adheres to company security policies.

Delivering a successful cybersecurity asset management program translates to effectively managed risk for the business. And when risk is managed effectively, businesses are more likely to meet (and even surpass) their goals.


Noah Simon, Director of Product Marketing, Axonius

Noah Simon is Director of Product Marketing at Axonius. Noah is passionate about cybersecurity, and always seeking to understand how new technologies can help companies and individuals protect themselves from the continually evolving risk landscape. Noah has previously held product marketing roles at BitSight, Cybereason, and White Ops.

Primary Sidebar

The asset management challenge

Tweets by AxoniusInc

Footer

Cybersecurity Asset Management is a partnership between Axonius and SC Media. Its mission is to highlight best practices, thought leadership and important trends related to IT asset management’s evolving role in cybersecurity.

SC Media is cybersecurity. For 30 years SC Media armed information security professionals with in-depth and unbiased information through timely news, comprehensive analysis, cutting-edge features, contributions from thought leaders, custom research, and independent product reviews in partnership with and for top-level information security executives and their technical teams.

Axonius is the cybersecurity asset management platform that gives organizations a comprehensive asset inventory, uncovers security solution coverage gaps, and automatically validates and enforces security policies. By seamlessly integrating with over 200 security and management solutions, Axonius is deployed in minutes, improving cyber hygiene immediately.

Contact Us

© 2020 Axonius & SC Media