Inventory

Inventory is one of the earliest processes in the System Development Life Cyle (SDLC) and also one of the most critical. It is a sub-process of both the System Characterization process and the Configuration Management process and the output from it either directly feeds many other processes or has significant influence over them.

An accurate inventory of system components is an essential piece of the system description in the System Characterization process. This inventory and system description feeds into the Risk Assessment process and any errors in the inventory might have a serious effect on the analysis of risk that might be exploited against the system. The output of the risk analysis determines how the preventitive security controls will be selected, tailored and implemented.

The Configuration Management process begins with an accurate component inventory. The process continues later when controls have been selected by recording configuration settings and then establishing a configuration baseline to be followed. Inventory sets the stage for this and is also absolutely critical later on in Continuous Monitoring, Vulnerability Scanning and Patch Management. Any mistakes or discrepancies in the inventory may affect these processess negatively.

Asset Management/Inventory must also be updated at the end of the SDLC in the Disposal phase when systems are taken down.

Leave a Reply

You must be logged in to post a comment.