Working with assets in Asset Manager
Assets represent things that are of value to your organization. Assets can be tangible, like laptops, servers, and software, or they can be intangible, like third-party business relationships, intellectual property, and policies. By tracking your organization's assets, you protect your organization from fraud, theft, compliance issues, and unacceptable risk.
Note
The Asset Manager app is not the only way to manage your assets. You can also do this in the Asset Inventory app, but the Asset Manager app offers a better user experience and time to value. Asset Manager is also better suited to managing your IT and third-party assets.
How it works
You create assets in the Asset Manager app.
All assets are instances of an asset type. The asset type is a class that defines the format and behavior of its assets: what attributes they have, what workflow they move through during their life-cycles, and who can see them and work on them.
Example
Scenario
As part of your organization's third-party risk management program, you track all third-party assets using an asset type called Third Party.
Your organization wants to do business with a new vendor called Slack, to handle your internal communication needs. Before this can happen, you need to create a new Slack asset and put it through your normal third-party risk assessment process.
Process
- Navigate to the Third Party asset type.
- Create a new asset called Slack.
- Move Slack through your Third Party asset workflow:
  - Register and categorize the asset by entering critical details about Slack, like the vendor's owner, risk manager, its type, a brief description, and a criticality level.
  - Assess Slack's risk, either manually or by distributing a risk assessment and allowing Diligent One to calculate an assessment for you.
  - Activate Slack.
Result
Your Slack asset has been created, registered, categorized, and assessed. It is marked as Activated, and the purchase can go through. Periodically, you can re-assess Slack, and if your organization stops using it one day, you can archive it.
Creating, updating, and deleting asset types
We supply asset types as part of your solution. You cannot create, update, or delete asset types on your own, but you can engage our consulting team to customize your environment.
Managing associations between asset types and risk categories in frameworks
Manage associations between asset types and risk categories in a framework. Then, you can use those associations in a project, where you can assess risks and controls in the context of those assets.
Note
Interface terms are customizable, and fields and tabs are configurable. Elsewhere in Diligent One, the term for risk categories may vary.
- Open the Frameworks app.
- Open the framework you want to associate the asset types to.
- On the Assessment tab, navigate to a risk category's Records tab.
- Under Associated asset types, click Manage associations.
- In the Manage asset type associations panel, select or deselect asset types to create or remove associations between them and the framework.
- Click Save.
Result
You can now create a project using the asset type associations in your framework. If required, you can then add additional associations at the project level.
Importing risk categories from a framework to a project
After associating risk categories to asset types in a framework, you can import the risk categories into a project.
Note
Interface terms are customizable, and fields and tabs are configurable. Elsewhere in Diligent One, the term for risk categories may vary.
- From the Launchpad home page (www.highbond.com), select the Projects app to open it.
If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Projects app.
The Projects home page opens.
- Open a project you want to import objectives to.
The project dashboard opens.
- Click the Assessment tab.
- Click Import Risk Category.
- Select the appropriate framework from the Framework list that you want to import risk categories from.
- Select the risk categories you want to import.
- Click Import.
Result
Diligent One imports your selected risk categories.
For more information, see Cloning and importing objectives.
Managing associations between assets and risk categories in projects
After you have associated asset types to risk categories in a framework, you can import those risk categories into a project. Then, in that project, you can choose individual assets from the asset types you associated with those risk categories, and mitigate the risks associated with those assets in your project.
Note
Interface terms are customizable, and fields and tabs are configurable. Elsewhere in Diligent One, the term for risk categories may vary.
Associating assets to projects
Create associations between assets and risk categories, so you can mitigate the risks associated with those assets in your project.
- Open the project you want to associate assets with, and click the Scoping & BIA tab.
- On the Scope tab, click Scope assets.
- In the Scope assets window, select an asset type and click Continue.
- Optional. Narrow down the list of assets by filtering by attribute types.
  - Click Filter. In the Filter side panel, create one or more filters using any attribute types that have dropdown list inputs in Asset Inventory.
  - Click Apply. Diligent One filters out the assets that don't match your criteria.
- Select the assets you want to associate with your project and click Continue.
- Select the risk categories to associate with your project and click Continue.
- Review and finalize your selected assets and risk categories. You can go back and make changes, or click Save and scope assets to continue with your selected associations.
After associating assets with your project, you can click on the asset names to view more details about them, or to remove the association from your project. You can also navigate to the asset in the Asset Manager by clicking on the asset name in the Asset details panel.
Removing associations between assets and risk categories
You can remove the association between assets and risk categories if the assets are no longer needed, or if they were associated to risk categories accidentally. By removing those associations, you remove the assets from the scope of the project.
- Open the project you want to remove an associated asset from, and click the Scoping & BIA tab.
- On the Scope tab, navigate to the asset type associated with the asset you want to remove and click the Expand icon.
- Click the name of the asset you want to remove.
- In the Asset details panel that appears, click Remove asset.
- In the confirmation message that appears, click Remove asset.
- Repeat steps 1-5 for any remaining asset associations you want to remove from your project.
Result
You have removed the associations between the required assets and risk categories from your project.
Creating assets
Add an asset to the Asset Manager app, so you can store and gather information about it, assess the risks that come with it, and take actions to mitigate those risks.
- Open the Asset Manager app.
- Click the asset type you want to add your asset to.
- Click +Add [asset type].
- In the Add [asset type] panel, enter a name for your new asset.
- Enter any other details necessary and click one of the following:
  - Add Asset to save the asset and close the panel.
  - Save & Add New to save the asset and add another one.
Result
Your asset is created. You can begin to move it through its life-cycle by transitioning it to another status.
Updating asset details
You can update the data associated with an asset to reflect new information when that asset changes.
- Open the Asset Manager app.
- Under All Asset Types, click on the asset type of your choice.
- In the table that contains asset details, click the name of the asset you want to edit. If you have a large number of assets, you can search, sort, and filter to find the right one.
- In the Details tab, make the required changes, and click Save Changes.
- Optional. If your asset's status has also changed, you can transition it to another status.
Add or change the owner of an asset
To add or update the owner of an asset, perform the following steps:
- Open the Asset Manager app.
The Asset Manager home page opens.
- Under All Asset Types, click the asset type of your choice.
- In the asset list, click the name of the asset of your choice. If you have a large number of assets, you can search, sort, and filter to find the right one.
- In the Details tab, find and click on the owner field you want to add or change. For example: Business Owner, Technical Owner, etc.
- Select a user from the drop-down list, and click Save Changes.
Result
The asset is assigned to the user selected, and an email notification is sent to the assigned user.
Transitioning assets to another status
Transitioning assets to another status is how you move assets through their life-cycle. Depending on the workflow an asset type uses, different actions can happen during a transition. For example, Diligent One might check that the required fields contain data, or it may trigger a questionnaire to get further information about the asset.
- Open the Asset Manager app.
- Navigate to the asset type for the asset you want to transition.
- In the table that contains asset details, click the name of the asset you want to transition. If you have a large number of assets, you can search, sort, and filter to find the right one.
- Click the button in the upper right to transition the status of the asset. This will transition the asset to the chosen status.
Note
Different status transitions can require different conditions such as certain attributes being filled in, or they can trigger events like sending questionnaires to gather incomplete information. If you have problems moving your asset to another status, contact a System Admin or your Diligent representative for assistance.
Linking assets to other assets, risks, or controls
You can create custom relationships between assets and other assets, risks, and controls. For more information, see Managing relationships in Asset Manager.
Assessing assets with questionnaires
You can assess your assets by sending questionnaires to users. For more information, see Managing questionnaires in Asset Manager.
Viewing linked discrete assets from Tenable
Follow these steps to view the discrete assets linked to an aggregated asset:
Note
Before viewing, ensure that you have linked the discrete assets to the aggregated assets. For information about linking, see Linking discrete assets to aggregated assets.
- Open the Asset Manager app.
- Select the asset type that contains the asset you want to view.
- Select the asset that you want to view and select Discrete Assets.
Result
The linked discrete assets are displayed. Each discrete asset contains details about the asset, related findings and CVEs. You can select Show findings to go to the Findings tab, and you can select Show CVEs to view the related CVEs.
Viewing vulnerabilities from Tenable
Follow these steps to view the vulnerabilities (CVEs and Findings) that are related to an asset:
Note
Before viewing the CVEs, ensure you have imported data from Tenable and you have linked the discrete assets to the aggregated assets. For more information, see Importing Tenable data into Asset Manager and Linking discrete assets to aggregated assets.
- Open the Asset Manager app.
- Select the asset type that contains the asset you want to view.
- Select the asset that you want to view and select Vulnerabilities.
- Select CVEs or Findings to view the respective items.
Result
The linked items are displayed. In CVEs, you can click on the CVE to view its details in the National Vulnerability Database, and you can click Show findings to go to the Findings tab. In Findings, you can select Show CVEs to view the related CVEs.
Deleting assets
You can permanently delete assets. Generally, unless an asset was created in error, it's better to transition it through its normal life-cycle.
Caution
Deleting an asset cannot be undone. This will also delete any associated work, including its asset profile, and any related assessments or related findings. Make sure you do not need any of these things before you delete an asset.
- Open the Asset Manager app.
- Click the asset type for the asset you want to delete.
- In the table that contains asset details, click the name of the asset you want to delete.
- On the page for that asset, click and click Delete. This prompts a dialog box with a warning message requesting confirmation.
- Click Delete to confirm. The asset and any associated work are deleted.