The Role of ITAM and ITSM in Cybersecurity: Building a Strong Foundation for Compliance and Audit Readiness

When it comes to protecting your business from cyberattacks, most people think about firewalls and antivirus software.

Behind every strong security system there is a less obvious but crucial layer of protection: a clear view of your IT assets and a solid process for managing IT services. This is where IT Asset Management (ITAM) and IT Service Management (ITSM) come in.

Think of it like building a house: the stronger the foundation, the more stable the house. Or, as our colleague David puts it in our recent webinar on the topic, “Cybersecurity itself is like the top of the pyramid. And to get to the top of the pyramid, the bottom layers actually need to be strong and completely secure”.

In organizational cybersecurity, ITAM and ITSM build that foundation, especially in companies with large numbers of IT systems and users. Without them, even the best antivirus or threat detection software won’t be enough to keep your business safe and organized.

This article explores how ITAM and ITSM support cybersecurity, help organizations meet important standards like Cyber Essentials Plus and ISO 27001, and ensure that companies are always audit-ready.

1. The Role of ITSM and ITAM in Cybersecurity

ITAM as the Backbone of Visibility and Control

How can you protect something if you don’t even know it exists? This is the essential role of ITAM. Companies often have thousands of devices, software licenses, and cloud services, all of which need to be monitored and secured.

ITAM gives organizations a complete view of their devices, software, and licenses. For example, if there’s a vulnerability in a particular software version, IT teams can quickly identify which devices are using it and patch them before an attacker can exploit it.

According to the National Cyber Security Centre’s guidance on asset management, knowing which assets you have and how they are connected is key to responding to cybersecurity incidents. If a critical system goes down, ITAM allows you to see which other systems depend on it, so you know how much risk you’re facing.

Key Functions of ITAM in Cybersecurity:

  • Asset Discovery: Know exactly what hardware and software are in your network.
  • Risk Analysis: See which systems are connected and what could be affected in an outage.
  • Supplier and Licensing Management: Track supplier certifications like ISO 27001 to ensure compliance.
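The two ITAM functions above (finding which devices run a vulnerable software version, and seeing which systems are affected when one goes down) as an added example that is not from the article; the inventory, hostnames, package names, versions and dependencies are all constructed, and the “fixed in” version is an assumed threshold, not a real advisory:

```python
"""Added example (not from the article): querying a constructed ITAM inventory
to find devices running a vulnerable software version, then walking the
recorded dependencies to see what else is affected if a system goes down."""
from collections import deque

# Constructed sample inventory: hostnames, package names, versions and
# dependencies are all made up for this example.
INVENTORY = {
    "web-01": {"software": {"libwidget": "2.3.1", "nginx": "1.24.0"},
               "depends_on": ["db-01", "idp-01"]},
    "web-02": {"software": {"libwidget": "2.4.0"}, "depends_on": ["db-01", "idp-01"]},
    "db-01": {"software": {"libwidget": "2.3.1", "postgres": "15.4"}, "depends_on": ["san-01"]},
    "idp-01": {"software": {"libwidget": "2.4.2"}, "depends_on": ["db-01"]},
    "san-01": {"software": {}, "depends_on": []},
    "laptop-7": {"software": {"libwidget": "2.2.0"}, "depends_on": []},
}

def version_tuple(v):
    return tuple(int(p) for p in v.split("."))

def devices_running(inventory, package, fixed_in):
    """Hosts with `package` installed at a version below `fixed_in`, i.e. still unpatched."""
    return sorted(
        host for host, rec in inventory.items()
        if package in rec["software"]
        and version_tuple(rec["software"][package]) < version_tuple(fixed_in)
    )

def impacted_by_outage(inventory, system):
    """Every host that directly or transitively depends on `system`."""
    dependants = {host: [] for host in inventory}
    for host, rec in inventory.items():
        for dep in rec["depends_on"]:
            dependants[dep].append(host)
    seen, queue = set(), deque([system])
    while queue:
        for host in dependants[queue.popleft()]:
            if host not in seen:
                seen.add(host)
                queue.append(host)
    return sorted(seen)

if __name__ == "__main__":
    print("Still on vulnerable libwidget:", devices_running(INVENTORY, "libwidget", "2.4.0"))
    print("Affected if db-01 goes down:", impacted_by_outage(INVENTORY, "db-01"))
```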

IT Service Management (ITSM) as the Frontline of Incident Response

If there’s a security incident, like a phishing attempt or an unauthorized login, where do employees report it? How does IT know what to do next? This is where ITSM steps in. Service Desks, a key part of ITSM, give employees a place to report issues and let IT teams track and manage those reports.

Every action taken is logged as part of an audit trail, which means you can see exactly who reported the problem, who handled it, and what steps were taken. This is crucial for certifications like Cyber Essentials Plus, ISO 27001, and SOC 2.

Service Desks help with incident tracking and also handle change control and access requests. This builds a strong audit trail that can be reviewed during ISO 27001 or Cyber Essentials Plus audits.

Key Functions of ITSM in Cybersecurity:

  • Incident Reporting and Response: Employees can report incidents like suspicious emails (potential phishing) or malware.
  • Access Control: If employees need access to sensitive systems, ITSM workflows ensure that access is only granted after formal approval.
  • Audit Trails: Every action is recorded, forming a clear and traceable log of all user activities.

2. Audit Readiness and Compliance

Understanding Audit Trails

An audit trail is a log of every action taken within a system. It is a life-saver when passing audits for ISO 27001, Cyber Essentials Plus, and SOC 2. But many companies confuse audit trails with audit logs.

Differences between an Audit Log and an Audit Trail:

  • Audit Log: a single record of one event (like a login attempt).
  • Audit Trail: a complete timeline of every action taken (logins, file edits, access requests, and so on) across multiple systems.
  • What an audit trail shows: access requests, configuration changes, and incident response actions, for example.
  • The primary purpose of an audit trail: transparency and accountability, so that every action can be traced to a responsible party.
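The difference above (single audit-log events versus a cross-system audit trail), together with the earlier point that access is only granted after formal approval, as an added example that is not from the article; the three source systems, the log line format and the sample lines are all constructed assumptions:

```python
"""Added example (not from the article): stitching audit logs from several
systems into one audit trail per access request, then checking that every
action is attributable and that access was approved before it was granted."""
from datetime import datetime

# Constructed sample log lines from three hypothetical systems; the format
# "<iso-time> <system> <request-id> <actor> <action>" is an assumption.
RAW_LOGS = """
2024-05-02T09:01:10Z servicedesk REQ-1042 alice requested access:finance-db
2024-05-02T09:15:32Z servicedesk REQ-1042 bob approved access:finance-db
2024-05-02T09:20:05Z idp REQ-1042 svc-provisioner granted access:finance-db
2024-05-02T11:40:00Z servicedesk REQ-1043 carol requested access:hr-share
2024-05-02T11:41:12Z idp REQ-1043 svc-provisioner granted access:hr-share
2024-05-02T12:00:00Z cmdb REQ-1044 - changed config:web-01
""".strip().splitlines()

def parse_line(line):
    """One audit-log record: a single event from a single system."""
    ts, system, req, actor, action = line.split(" ", 4)
    return {"ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "system": system, "request": req,
            "actor": None if actor == "-" else actor, "action": action}

def build_trail(lines):
    """Audit trail: events from all systems, ordered in time, grouped per request."""
    trail = {}
    for ev in sorted(map(parse_line, lines), key=lambda e: e["ts"]):
        trail.setdefault(ev["request"], []).append(ev)
    return trail

def review_trail(trail):
    """Flag requests that break accountability or approval-before-grant."""
    findings = {}
    for req, events in trail.items():
        issues = []
        if any(ev["actor"] is None for ev in events):
            issues.append("unattributed action")
        approvals = [ev["ts"] for ev in events if ev["action"].startswith("approved")]
        for ev in events:
            if ev["action"].startswith("granted") and not any(a < ev["ts"] for a in approvals):
                issues.append("granted without prior approval")
        if issues:
            findings[req] = issues
    return findings

if __name__ == "__main__":
    for req, issues in review_trail(build_trail(RAW_LOGS)).items():
        print(req, "->", ", ".join(issues))
```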

How ITAM and ITSM Support Compliance with Cyber Essentials Plus and ISO 27001

Both Cyber Essentials Plus and ISO 27001 require organizations to prove that they have controls for access management, incident response, and system updates. ITSM and ITAM play important roles in achieving compliance:

  • Cyber Essentials Plus requirements: use Service Desk workflows to manage access requests, log incidents, and automate patching.
  • ISO 27001 information security standard: track every access change with audit trails from ITSM and Asset Management logs.

3. Certifications and Internal Audits

Cyber Essentials Certification

Cyber Essentials certification requires businesses to demonstrate control over essential security features, such as access management, malware protection, and software patching. We hear many questions from organizations on how to get Cyber Essentials certification, and the answer lies in having a solid foundation of ITAM and ITSM.

ISO 27001 Cybersecurity

Many companies aim for the ISO standard for cybersecurity, but achieving compliance isn’t simple. To meet the requirements of ISO 27001, you have to track access, manage supplier compliance, and make sure that you can audit all changes.

Conclusion

The most effective way to protect your business is to start with the basics: IT Asset Management (ITAM) and IT Service Management (ITSM). These two pillars form the base of the cybersecurity pyramid, and they ensure a higher level of visibility, control, and compliance.

If you’d like to learn more, check out our webinar on NIS2 and ITSM.