Key concepts a cybersecurity specialist should know about asset management.
1. Inventory management
- What assets are on hand, where they reside, and who owns them.
2. Configuration management
- Association of each item with other items in an inventory.
3. IT Asset Management (ITAM)
- Financial aspects of assets, including cost, value, and contractual status
- Designed to manage the physical, contractual, and financial aspects of IT assets, from acquisition through disposition.
4. Configuration Management Database (CMDB)
- Supports processes in service delivery, service support, IT asset management, and other IT disciplines.
- Holds the relationship among all system components, including incidents, problems, known errors, changes, and releases.
Keep in mind that asset management covers both hardware and software.
Software licensing are original copies of licensed software that must be controlled by the organization to prevent copyright infringement. All software copies should be managed by a software or media librarian.
Inventory scans of installed software should be conducted by the organization to identify unauthorized installations or licensed violations.
The equipment lifecycle will help you understand equipment from acquisition to disposal:
1. Define security requirements of equipment.
2. Acquire, implement, and validate security features and configurations.
3. Ensure security features and configurations remain operational on the system.
4. Dispose and decomission equipment by ensuring they are securely erased and destroyed or recycled depending on security requirements of the organization.
For appropriate retention, understand where data exists. Where does data reside?
Classify and define the data.
Archive and manage the data.
Ensure the appropriate roles and responsibilities are clearly defined and understood regarding data classification and retention to ensure security.