Abstract
The primary driver for IT Asset Management has always been costs. Although an inventory of all IT assets, one of the most important GITC, is required by ISO 27002 and the BIO standard, no department or governmental agency has so far managed to create a complete and normalized inventory of IT Assets and keep it up to date. IT costs are, therefore, difficult to differentiate. This hampers any strategic choices. Lack of financial underpinning hinders strategic choices. Choices about how to deal with legacy infrastructure such as mainframes and choices about source code management (COBOL), for example. If you don't know what it is and what it costs, it is very difficult to free up any budget for improvement.
Furthermore, new developments and threats within the realm of digitalization, call for a complete inventory with even more urgency. For example, an inventory of all cryptography will have to be made in order to upgrade it to "Post Quantum Cryptography". Besides costs, the risks of the various IT Assets must also be identified and, to avoid "visionless" cost reduction, the cost of digitization must be related to the value of the business process and interests.
CIO Rijk has developed a vision for ITAM as a base for new policies. I will give an overview of this vision at the Cobol and mainframe event 18 Januari 2024. This vision will form the basis for all policies on managing and administering all ICT assets.
Vision ITAM: “The organizations of the central Dutch government have a standardized and normalized, complete, current and accurate insight into all ICT resources. This insight is linked to the costs and risks of these resources and related to the value of the business process and the 'Interests to be Protected' located in this business process.”
Bio
Olivier van der Post is a senior advisor within the Chief Information Office of the Central Dutch Government (CIO-RIJK). He is specialized in creating governance for in the topic’s identity, Access, (IT-)Assets and Semantics. He holds a master’s degree in cognitive sciences (MA) and a master’s degree in cybersecurity (MSc), both from Leiden University.