Asset and Change Management (OBJ 1.3, 4.1 & 4.2)
Asset Management
- Systematic process of developing, operating, maintaining, and selling assets cost-effectively
- Ensures that all of our digital assets, ranging from hardware devices to software applications, have been identified, cataloged, and monitored
- Helps us reduce potential vulnerabilities and ensure that security protocols are consistently applied across all of our assets.
Change Management
- Structured approach to transitioning individuals, teams, and organizations from a current state to a desired future state
- Used to guarantee that any modifications to our systems, whether software updates or new technology implementations, are done in a controlled and secure manner, which prevents unforeseen security gaps or misconfigurations from occurring.
- Asset and Change Management provide us with a structured framework to prevent, detect, and respond to cyber threats.
Acquisition and Procurement
- Structured process of sourcing, vetting, and obtaining security technologies and services to bolster organizations' defenses against cyber threats.
Mobile Asset Deployments
- Deployment Models
- Choose based on your needs and cybersecurity posture
Asset Management
- Assignment/Accounting and Monitoring/Asset Tracking
- Clear ownership and classification of assets
- Rigorous monitoring through inventory checks and MDM solutions
Asset Disposal and Decommissioning
- Processes
- Sanitization, destruction, certification, data retention policies
- Minimizes the risk of unauthorized access or data breaches
Change Management Importance
- Every change should undergo a strict approval process while considering a lot of different aspects
- Change advisory board's insights
- Ownership of the change
- Stakeholder involvement
- Thorough impact analysis
- Approval Process
- Strict approval for every change
- Consideration of CAB insights, ownership, stakeholder involvement, and impact analysis
Change Management Processes
- Best Practices
- Schedule maintenance windows
- Thorough backout plans
- Consistent testing post-implementation
Technical Implications of Changes
- Management Aspects
- Allow lists, deny lists
- Handling downtime, restarts
- Managing legacy applications and dependencies
- Avoid vulnerabilities and system clashes
Documenting Changes
- Importance
- Version controlling changes through documentation
- Regularly updating diagrams, policies, and procedures
- Updating change requests or trouble tickets post-implementation
- Ensuring transparency and accountability throughout the entire process.