Systematic Literature Review on IT Asset Management Framework in Security Operation Center

Authors

  • A’in Hazwani Ahmad Rizal Faculty of Science & Technology Universiti Sains Islam Malaysia
  • Sakinah Ali Pitchay Cybersecurity & Systems Research Group Universiti Sains Islam Malaysia
  • Yau Ti Dun SysArmy Sdn Bhd

DOI:

https://doi.org/10.53840/myjict7-2-161

Keywords:

Asset Management Policy, IT Asset Management, Security Operation Center

Abstract

Each successful cyber incident cost $4.24 million on average in 2021 and damaged the affected company's reputation (IBM, 2022). Growing cybersecurity threats have affected business environments in all sectors, especially the IT landscape. Deploying a Security Operation Center (SOC), either in-house or outsourced, is one mitigation against cybercriminals. A SOC operates as a large team that relies on people, processes, and technology. However, according to the latest findings, 60% of cybersecurity technologies in Malaysia are currently running outdated versions (Digital News Asia, 2022), and the tools used in SOC environments are inadequate. Moreover, there is still a gap in the SOC frameworks used to maintain the quality of technology, especially IT assets (John Burke, 2020). This paper aims to analyze the state-of-the-art IT asset management policies used globally via a comparative study. It employs qualitative research based on literature surveys of existing IT asset management in SOCs. The findings from the analysis show that existing frameworks provide inadequate guidance, especially on maintaining the quality of IT assets so that they stay aligned with current technology. By proposing an improved policy for IT asset management in SOC, the cybersecurity threat prevention and identification process could be improved. Thus, this paper will help in identifying comprehensive IT asset management in SOC and the total cost of damage, which aligns with the governance initiative of the national cybersecurity strategy for 2020-2024.

References

Deloitte (2020). Accelerated Digitalisation Leave Businesses Susceptible to Cyberattack. Deloitte. Retrieved from https://www2.deloitte.com/uk/en/pages/consumer-business/articles/accelerated-digitalisation-leave-businesses-susceptible-to-cyberattacks.html

IBM (2022). Insights into What Drives Data Breach Costs. Retrieved from https://www.ibm.com/account/reg/uk-en/signup?formid=urx-51643

CheckPoint (2022). The Importance of the Security Operations Center (SOC). Retrieved from https://www.checkpoint.com/cyber-hub/threat-prevention/what-is-soc/the-importance-of-the-security-operations-center-soc/

Information Technology – IT Asset Management (Part 1). ISO/IEC 19770-1:2017. Retrieved from https://www.iso.org/obp/ui/#iso:std:iso-iec:19770:-1:ed-3:v1:en

Abd Majid M, Zainol Ariffin KA (2021) Model for successful development and implementation of Cyber Security Operations Centre (SOC). PLOS ONE 16(11): e0260157. https://doi.org/10.1371/journal.pone.0260157

Akalanka P., Shanith R., Amila N., N. D. P. (2021). The Next Gen Security Operation Center. 6th International Conference for Convergence in Technology (I2CT). DOI: 10.1109/I2CT51068.2021.9418136

Arnold Johnson, Kelley Dempsey, Ron Ross (2019). Guide for Security-Focused Configuration Management of Information Systems. NIST Special Publication 800-128. National Institute of Standards and Technology.

Chuck Brooks (2020). Cybersecurity in 2022 – A Fresh Look at Some Very Alarming Stats. Forbes. Accessed on June 6th, 2022. Retrieved from https://www.forbes.com/sites/chuckbrooks/2022/01/21/cybersecurity-in-2022--a-fresh-look-at-some-very-alarming-stats/?sh=523d2ad96b61

COBIT (2018). IT Asset Management and COBIT® 5: Strategic Ingredients for Effective Governance of Enterprise IT. ISACA Framework. ISACA Organization.

Crowley, C., & Pescatore, J. (2019). Common and Best Practices for Security Operations Centers. SANS Institute. Retrieved from https://www.sans.org/media/analyst-program/common-practices-security-

Cybersafe Malaysia. Asset Protection (2022). Cybersecurity Malaysia. Accessed on March 10th, 2022. Retrieved from https://www.cybersafe.my/pdf/guidelines/guideline_SME.pdf

Dasar Keselamatan Negara 2021-2025 (Matriks Keselamatan Negara) Dibawah Keselamatan Siber & Teknologi. National Cyber Security Agency (NACSA), Malaysia. Retrieved from https://asset.mkn.gov.my/web/wp-content/uploads/sites/3/2019/08/DASAR-KESELAMATAN-NEGARA-2021-2025-PDF.pdf

Dun, Yau & Faizal, Mohd & Zolkipli, Mohamad & Bee, Tan & Firdaus, Ahmad & No,. (2021). Grasp on Next Generation Security Operation Centre (NGSOC): Comparative Study. 10.22075/IJNAA.2021.5145.

John Burke (December 2020) 8 Challenges Every Security Operations Centre Faces. TechTarget. Retrieved from https://www.techtarget.com/searchsecurity/tip/8-challenges-every-security-operations-center-face

M. Vielberth, F. Böhm, I. Fichtinger and G. Pernul, "Security Operations Center: A Systematic Study and Open Challenges," in IEEE Access, vol. 8, pp. 227756-227779, 2020, doi: 10.1109/ACCESS.2020.3045514.

Pook-Ping Yao (2019). Count Your Asset Before They’re Hacked. AutomatedBuildings. Retrieved from http://automatedbuildings.com/news/jun19/articles/optigo/190516095909optigo.html

MAMPU (2020). Polisi Keselamatan Siber MAMPU. Unit Permodenan Tadbiran dan Perancangan Pengurusan Malaysia. Jabatan Perdana Menteri.

Maya G (2021). IT Asset Management – Asset Management Process. ITILDocs. Accessed on June 12th, 2022. Retrieved from https://www.itil-docs.com/blogs/asset-management/it-asset-management-process

Michael Stone, Chinedum Irrechukwu and Leah Kauffman (2018). IT Asset Management. NIST Special Publication 1800-5. National Institute of Standards and Technology.

MIMOS, MAMPU, CSM (2016). Rangka Kerja Keselamatan Siber Sektor Awam. Jabatan Kerajaan Malaysia.

ORDR (n.d.) The Increasing Importance of Cybersecurity Asset Management. Accessed on April 24, 2022. Retrieved from https://ordr.net/article/increasing-importance-of-cybersecurity-asset-management/

Prodan, Mircea & Prodan, Adriana & Purcarea, Anca. (2015). Three New Dimensions to People, Process, Technology Improvement Model. Advances in Intelligent Systems and Computing. 353. 481-490. 10.1007/978-3-319-16486-1_47.

Rama Bansode, Anup Girdhar (2021). Common Vulnerabilities Exposed in VPN- A Survey. Journal of Physics: Conference Series. DOI: 10.1088/1742-6596/1714/1/012045

Sarah Hospelhorn (2020). Analysing Company Reputation After a Data Breach. Varonis. Accessed on June 9th, 2022. Retrieved from https://www.varonis.com/blog/company-reputation-after-a-data-breach

Stephanie Trovato & Rob Watts (2022). What is IT Asset Management? Forbes. Accessed on June 10th, 2022. Retrieved from https://www.forbes.com/advisor/business/it-asset-management/

Telecom26 (2021). Security for Critical Infrastructure. The Role of IoT and Non-Public Network. Telecom26 White Paper (NPNs). Accessed on June 10th, 2022.

Tim Roots (2020). Asset Life Cycle: An Introduction of Asset Management. Parago by Civica. Accessed on June 11th, 2022. Retrieved from https://www.paragosoftware.com/2020/08/asset-life-cycle-an-introduction-to-asset-management/

Vielberth, Manfred. (2021). Security Operations Center (SOC). 10.1007/978-3-642-27739-9_1680-1.

Vielberth, Manfred & Böhm, Fabian & Fichtinger, Ines & Pernul, Günther. (2020). Security Operations Center: A Systematic Study and Open Challenges. IEEE Access. PP. 10.1109/ACCESS.2020.3045514.

IBM Cloud Education (2022). What is IT Asset Management (ITAM)? IBM. Accessed on June 10th, 2022. Retrieved from https://www.ibm.com/cloud/blog/it-asset-management

Atlassian (2022). What is IT asset Management (ITAM)? Retrieved from https://www.atlassian.com/itsm/it-asset-management

Information Security, cybersecurity and privacy protection – Information Security Controls. ISO/IEC 27002:2022. Retrieved from https://www.iso.org/standard/75652.html

ManageEngine (2022). IT Asset Life Cycle Management. Retrieved from https://www.manageengine.com/products/asset-explorer/it-asset-life-cycle-management.html

Deloitte (2022). IT Asset Management. Retrieved from https://www2.deloitte.com/be/en/pages/risk/solutions/it-asset-management.html

Danny Palmer (2021). Digital Transformation is Creating New Security Risks, and Business Can’t Keep Up. ZDNET. Retrieved from https://www.zdnet.com/article/digital-transformation-is-creating-new-security-risks-and-businesses-cant-keep-up/

Digital News Asia (2022). Over Half of Cyber Security Technologies in Malaysia Outdated: Cisco. Digital News Asia. Retrieved from https://www.digitalnewsasia.com/business/over-half-cyber-security-technologies-msia-outdated-cisco

ITAMOrg (2022). ITAM Foundation. Retrieved from https://itamorg.com/

Published

31-12-2022

Section

Articles

How to Cite

A’in Hazwani Ahmad Rizal, Sakinah Ali Pitchay, & Yau Ti Dun. (2022). Systematic Literature Review on IT Asset Management Framework in Security Operation Center. Malaysian Journal of Information and Communication Technology (MyJICT), 7(2), 82-97. https://doi.org/10.53840/myjict7-2-161
