Asset Security (Preventive & Detective)
Asset Security Requirements:
- Security of physical and intellectual assets
- Physical safeguards
- Keeping perpetual records
- Periodic counts and physical inventories
- Comparison of counts to perpetual records
- Investigating and correcting differences
Liquid assets, assets with alternative uses, dangerous assets, vital documents, critical systems and confidential information must be safeguarded against unauthorized acquisition, use or disposition. Typically, access controls are the best way to safeguard these assets.
Some examples of access controls:
- Locked door
- Keypad system
- Card-key system
- Badge system
- Locked filing cabinet or safe
- Guard, terminal lock
- Computer password
- Menu protection
- Automatic call-back for remote access
- Smart card
- Data encryption
Inventory Controls for Physical Assets
Take the following actions to secure assets:
- Departments with capital assets or significant inventories should establish perpetual inventory control over these items by recording purchases and issuances.
- Periodically, the items should be physically counted by a person who is independent of the purchase, authorization and asset custody functions, and the counts should be compared to balances in the perpetual records.
- Missing items should be investigated, resolved and analyzed for possible control deficiencies. Perpetual records should be adjusted to match physical counts if missing items are not located.