Assignment Description:
The oldest documents to survive antiquity are Sumerian receipts estimated to be 7,000 years old. Written in cuneiform on clay tablets, this documentation has all of the recognizable details one would expect in a modern transfer of custody: who is making the purchase, who is recording it, what kind of stuff and how much, and so on.
It takes little imagination to frame the scene: the scribe, reed stylus in hand (maybe a few spares tucked into his hair) dutifully recording the contents of the transaction, making small talk with the customer, the late summer sun high in the sky, a light breeze signaling autumn is approaching.
Truly, things have not changed much since. Swap that stylus and tablet for their electronic counterparts (no coincidence, they are also referred to as a stylus and tablet). Paper and ink crank out of a receipt printer on the counter-or are automatically sent via SMS to the purchaser-after money is exchanged. Our modern scribe is still recording the same data: who is making the purchase, who is recording it, what kind of clothing and how much, where the product originated, and so on.
While the scene might be the same, modern technology has sped up the process. The ancient scribe would have needed to carefully bake his clay tablet to record his work, then filed it away in a document repository near the market for easy retrieval when the king's tax collectors came to visit. Our modern scribe simply presses an onscreen button with her electronic stylus on her electronic tablet and all her work is instantly saved in a database for safekeeping. When the king's collectors ask to audit the market, our ancient scribe would retrieve the germane tablets, calculate all the incomes and outgoings, then produce another clay tablet with all of his notes and calculations. That might take a couple of days or even a week. His modern counterpart has her information and reports in seconds.
The steps to create that audit have not changed. Auditors sent not by the King but by software publishers still have the same requirements: documentation of resources used, sold, purchased. Technology has made it easier and faster than ever to collect that information, even automating many of the steps. Why, then, do modern Information Technology (IT) departments still fail so miserably at recording and tracking their assets?
According to one survey from 2013, 52% of companies expect software audit penalties to exceed 10 percent of their revenue.1 An IT Security survey from 2017 estimated that 47 percent of data breaches were caused by human error including "lost devices" and "not securing the device when away."2 Such breaches are expected to generate costs between $1.1 to $3.8 million dollars per single incident."
1. "Tips to Get Ready for (or Possibly Avoid) Software Audits" by Rich Hein, CIO
2. "The biggest cybersecurity risk to US businesses is employee negligence, study says" by Carmen Reinicke, CNBC.com
3 "The cost of 2017 data breaches" by Dave Rickard, CSOOnline
Question 1: How can a lack of a robust ITAM be perilous to an organization?
Question 2: Is ITAM a part of Information Security Governance? Explain.