The ITAM Review UK Conference 2018
How to engage your IT Security Team - and fund your SAM programme
AJ Witt, Industry Analyst, The ITAM Review
About Me
•  Former IT Asset Manager
•  Now Industry Analyst for the ITAM Review
•  Managed 5000+ device estate, half of which was floating!
•  Reported to Director of Security, Risk, and Compliance
Agenda
•  The IT Security Challenge
•  Stakeholder analysis for ITSec teams
•  How can ITAM Help ITSec?
•  What does this mean for your SAM programme?
ITAM-ITSEC alignment – end state
•  Mutual support for removal of technical debt
•  Justification for ongoing support/maintenance budgets
•  Reduction in volume of authorised software titles
•  Hero status - Maersk
Maersk – NotPetya Response
•  20% of worldwide container shipments
•  Complete infrastructure rebuild
–  10 days
–  4,000 new servers
–  45,000 new PCs
–  2,500 applications
•  Chairman – “heroic effort to do over 10 days which should take 6 months”
•  Still operated at 80% capacity during that time
•  Revenue impact $250-300m
•  How would you respond?
Power/Interest Stakeholder Analysis - ITAM
Stakeholder Analysis - Attitude
•  Interest and Power tell you who is important, but not how you should engage them.
•  A High Power, High Interest stakeholder can either be a Champion or a Blocker, depending on their attitude to your programme.
•  You can’t easily change their power or interest but you can influence their attitude.
•  How do you turn a Blocker into a Champion? Understand their motivations and goals and tailor your interactions accordingly.
ITSec – Mindset
•  Similar mindset and stakeholders to an ITAM team
–  Risk Management
–  Management of Technical Debt
–  Audit Response
–  Proof of Compliance
–  Detail-obsessed
•  Some differences
–  Planned audit schedule – requirement for continuous compliance
–  Subject to internal audit
–  Manage unknown threats
ITSec – Current focus
•  Increasing demands and increasing focus
–  Lethal payload malware such as WannaCry
–  PCI-DSS & SOX compliance
–  Vulnerability Reporting
–  Patching
–  Privacy, including GDPR
•  What does this mean?
–  £/$/€ being thrown at your ITSec team
–  Senior Management focus
–  Programme momentum
What can ITAM do to help?
•  Additional trusted inventory source
•  Version control
•  Usage stats
•  Vulnerability Reporting
•  Automation tools
•  Some SAM tool vendors are offering GDPR-specific functionality
Conclusions
•  Working closely with ITSec is mutually beneficial
•  You may pick up budget and headcount
•  You may be a hero
•  You will have a powerful ally
