Integrated inventory of assets
I am looking into the CIS information security top 20 controls, as a place to recommend beginning to shore up our defenses.
But I am searching for a resource that discusses the information that a team working to build inventories needs to identify and register per hardware and software asset.
And how much effort should go into integrating the need for this information into a technology asset management system? Should the information security data be maintained separately from the ITAM system?
Where would I find good resources to learn about this topic?
Answer: First, it is important to understand that ISO 27001 only requires the implementation of an inventory of assets if you have unacceptable risks or applicable legal requirements requiring such control (A.8.1.1 - Inventory of Assets).
Considering that, this control does not require an inventory of assets related to information security to be separated from other inventory systems, like an ITAM system (in fact, if you already have an inventory system implemented, by using the same system you would be optimizing your resource usage). To use the same system, you only have to ensure the information is properly protected, and most of today's systems have functionalities to ensure such protection.
These articles will provide you further explanation about inventory of assets:
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
- Knowing your herd – Service Asset and Configuration Management (SACM) https://advisera.com/20000academy/blog/2013/06/04/knowing-herd-service-asset-configuration-management-sacm/
- Three main activities to set up ITIL Service Asset and Configuration Management https://advisera.com/20000academy/blog/2015/07/14/three-main-activities-to-set-up-itil-service-asset-and-configuration-management/
Aug 08, 2018