Cybersecurity Risk Management - Software Platforms
The NIST CSF subcategory ID.AM-2 deals with the inventory of software platforms and applications used in your organization. Most organizations will that creating an inventory of software to be a bit more challenging than creating one for hardware.
When developing the inventory, make sure to take a holistic view of your organization’s operations and functions to build a comprehensive list of the software used in each line of operations.
Similar to the approach used for hardware, automation will play a critical role in the software inventory. Running vulnerability management or scanning software should provide visibility into each scanned system's software.
A recommended inventory management approach would be to keep the hardware inventory and software inventory in a single location or file to facilitate the identification of critical issues if they arise.
*** FREE GUIDE ***
Dr. Bill Souza
CEO | Founder