Description
UW System Administrative Policy 1035 (Information Security: IT Asset Management) establishes that the UW System Administration will identify a system-wide standard asset management tool to be used by all institutions to account for their UW owned or leased IT assets. Additionally, Policy 1035 requires that each UW institution conduct an annual inventory of all UW owned or leased Information Technology (IT) assets.
Given the policy compliance requirements, the inefficient methodologies and the incomplete inventories, it makes sense for the UW System to establish an enterprise approach. A team will be assembled to develop an enterprise approach from a tool, policy, and operations ownership perspective. The team will develop and/or assess:
• Alignment to 2020FWD and CORE
• Interconnections with existing activities and/or agility for future initiatives such as endpoint and network management, security monitoring/SOC services and network protection
• Adoption strategy to include transition plans, progressive roll-on roadmap and any required training
• Total cost of ownership and financial model to be used
• Impact of leveraging UW-Madison’s RFP as a procurement vehicle for an enterprise ITAM solution
Expected outcomes may include: increased efficiency and effectiveness through an enterprise approach; reduction in risk and increased resiliency; improved visibility and hygiene.
The team will define the current state at each of the UW institutions, establish the project requirements, and assess specific campus capabilities and processes that might serve as a model. Our intent is to define a progressive, roll-on roadmap for the institutions. The team will also work with UW-Shared Services (UWSS) to understand their intent for IT asset management service delivery.
In 2019 UW-Madison completed a Request For Proposal (RFP). The results of the RFP were that several IT asset management vendors were awarded. The intent is that this team will be able to leverage the UW-Madison RFP as a procurement vehicle for the new IT asset management solution.
A foundational aspect of any security program is having a solid understanding of what is on your network – hardware, software and data; where these items are located; and the technical health status of these various items (IT hygiene). An enterprise IT asset management tool can provide a consistent, unified approach to the inventory of IT assets across all institutions including enterprise oversight with full transparency, and the ability apply consistent, system-wide security policies and controls. An enterprise tool provides a single source of truth that is critical, not only for protection, but for the ability to respond to, and quickly recover from, information security incidents. An enterprise tool, coupled with policy and procedure can provide the following benefits:
• Efficient use of information technology resources
• Life cycle management
• Improve information security incident response efforts