After reviewing the end-to-end process of both teams, it was determined that a solution would include an example of the following:
- The central asset database would be considered master data
- Asset management process control will need to be developed and established as an action from the initial findings to satisfy a more accurate PIR
- Development and testing environments are at a lower risk for exploitation as they are completely segregated from the production network
- Discovery scanning will continue to only be executed on the production network
- Systems that are found in production that are not correctly labeled as production in the central asset database would be quarantined
- Systems that are found in production that are not in the central asset database would be kicked off the network