Assets and Change Management Flashcards

1
Q

Asset Management

A

Systematic process of developing, operating, maintaining, and selling assets cost-effectively

2
Q

Change management

A

Structured approach to transitioning from a current state to a desired future state

3
Q

Acquisition and Procurement

A

Structured process of sourcing, vetting, and obtaining security technologies and services

4
Q

Three Main Mobile Device Deployment Models

A

1: BYOD (Bring Your Own Device)
• Employees use personal devices for work
• Cost-effective for employers
• Drawbacks include reduced control over security and device management

2: COPE (Corporate-Owned, Personally Enabled)
• The company provides devices for employees
• Greater control over security and standards
• Higher initial investment
• Employees may have privacy concerns or need to carry two devices

3: CYOD (Choose Your Own Device)
• Employees select devices from a company-approved list
• Balance between employee choice and organizational control
• Similar drawbacks to COPE in terms of initial cost and potential privacy concerns

5
Q

Assignment/Accounting and Monitoring/Asset Tracking

A

• Clear ownership and classification of assets
• Rigorous monitoring through inventory checks and MDM solutions

6
Q

Asset Disposal and Decommissioning processes

A

• Sanitization, destruction, certification, data retention
• Minimizes the risk of unauthorized access or data breaches

7
Q

Change Management Importance

A

• Strict approval for every change
• Consideration of CAB insights, ownership, stakeholder involvement, and impact analysis

8
Q

Change Management Process: Best Practices

A

• Schedule maintenance windows
• Thorough backout plans
• Consistent testing post-implementation

9
Q

Technical Implications of Changes: aspects to manage

A

• Allow lists, deny lists
• Handling downtime, restarts
• Managing legacy applications and dependencies

10
Q

Conducting the acquisition and procurement process - understanding different types of purchase options

A

Company Credit Card
• Quick purchase of low-cost items
• Transaction limits and item restrictions

Individual Purchase
• Employee purchases, seeks reimbursement
• Used in emergencies or when no company credit card is available

Purchase Order
• Formal document issued by the purchasing department
• For larger, more expensive purchases
• Dictates payment terms (NET 15, NET 30, NET 60)

11
Q

Internal Approval Process

A

• Ensures purchase alignment with company goals
• Validates budget allocation
• Assesses security and compatibility with existing infrastructure

12
Q

Post-Approval Procurement

A

• Security checks and configurations
• User training
• Integration into the existing workflow

13
Q

Considerations when selecting a Mobile Device Deployment Model

A

Consider the specific needs, budget constraints, and risk appetite of your organization

14
Q

Tangible vs intangible assets

A

Tangible Assets
• Office buildings
• Computers
• Machinery

Intangible Assets
• Intellectual property
• Organization’s reputation
• Goodwill

15
Q

Assignment and Accounting of Assets

A

• Each asset assigned to a person or group, known as owners
• Process referred to as the allocation or assignment of ownership
• Avoids ambiguity, aids troubleshooting, upgrades, and replacements

16
Q

Classification and Categorization

A

• Assets should be classified and categorized
• Classification based on criteria such as function and value
• Informs maintenance, replacement, or retirement decisions
• High-value assets may require stringent maintenance schedules
• Low-value assets may be considered for recycling or disposal

17
Q

Monitoring and Tracking of Assets

A

Ensures proper accounting and optimal use of assets

Asset Monitoring
• Maintaining an inventory with specifications, location, and assigned users

Asset Tracking
• Goes beyond monitoring, involving the location, status, and condition of assets using specialized software and tracking technologies

18
Q

Enumeration

A

• Identifies and counts assets, especially in large organizations or during times of asset procurement or retirement
• Aids in maintaining an accurate inventory
• Proactive approach for risk management and resource optimization

19
Q

Mobile Device Management (MDM)

A

• Manages and tracks mobile devices
- Smartphones
- Tablets
- Laptops
- Wearables
• Centralizes management, enforces corporate policies, ensures software uniformity, safeguards sensitive data
• Enables remote lock and wipe of lost devices, remote software updates, and consistent user experiences
• Reduces risks associated with unsecured or outdated devices

20
Q

Asset Disposal and Decommissioning

A

Necessity to manage the disposal of outdated assets

21
Q

NIST Special Publication 800-88 (Guidelines for Media Sanitization)

A

Provides guidance on asset disposal and decommissioning

22
Q

Sanitization and its methods

A

• Thorough process to make data inaccessible and irretrievable from the storage medium using traditional forensic methods
• Applies to various storage media

Methods include
1: Overwriting
- Replacing the existing data on a storage device with random bits of information to ensure that the original data is obscured
- Repeated several times to reduce any chance of the original data being recovered
- Overwriting can use a single pass, 7 passes, or 35 passes

23
Q

Degaussing

A

• Utilizes a machine called a degausser to produce a strong magnetic field that can disrupt magnetic domains on storage devices like hard drives or tapes
• Renders data on the storage medium unreadable and irretrievable
• Permanent erasure of data but makes the device unusable
• After degaussing, a device can no longer be used to store data

24
Q

Secure erase

A

• Deletes data and ensures it can’t be recovered
• Implemented at the firmware level of storage devices

25
Q

Cryptographic Erase (CE)

A

• Utilizes encryption technologies for data sanitization
• Destroys or deletes encryption keys, rendering data unreadable
• Quick and efficient method of sanitization
• Supports device repurposing without data leakage

26
Q

Destruction and methods

A

Goes beyond sanitization and ensures the physical device is unusable

Used for high-security environments, especially with Secret or Top-Secret data

Recommended methods
• Shredding
• Pulverizing
• Melting
• Incinerating

27
Q

Certification

A

• Acts as proof that data or hardware has been securely disposed of
• Important for organizations with regulatory requirements
• Creates an audit log of sanitization, disposal, or destruction

28
Q

Data retention

A

• Strategically deciding what to keep and for how long
• Data has a lifecycle from creation to disposal

Reasons to retain data
• Regulatory requirements
• Historical analysis
• Trend prediction

29
Q

Dispute resolution

A

• Retaining everything is not feasible due to costs and security risks
• The more you store, the more you must secure
• Clutter and excessive data require additional security measures

30
Q

Data Protection

A

• All data needs protection from potential data breaches
• More data requires more extensive security measures
• Leads to higher costs and resource allocation
• Excessive data complicates retrieval and analysis

31
Q

Change is essential but requires

A

• Precision
• Planning
• Structured approach

32
Q

Challenges of Change

A

• Unplanned or poorly coordinated changes can lead to resistance and confusion
• Even seemingly simple changes, like software upgrades, can cause issues
• Existing processes become disrupted by changes, impacting efficiency

33
Q

Change Advisory Board (CAB)

A

• Body of representatives from various parts of an organization that is responsible for evaluation of any proposed changes
• Evaluates proposed changes before approval, assesses viability, impacts, and alignment with objectives

34
Q

Change Owner

A

• Individual or team responsible for initiating the change request
• Advocates for the change, details reasons, benefits, and challenges
• Key in presenting the case for the change

35
Q

Impact Analysis

A

• Integral part of the Change Management process
• Essential before implementing proposed changes
• Assesses potential fallout, immediate effects, long-term impacts
• Identifies challenges and prepares for maximizing benefits

36
Q

Five Main Steps in Change Management

A

1: Preparing for the Change

2: Creating a Vision for the Change

3: Implementing the Change

4: Verifying the Change

5: Documenting the Change

37
Q

Key Aspects of the Change Management Process

A

1: Scheduled Maintenance Window
• Designated timeframes for implementing changes
• Reduces potential disruptions to daily operations
• Allows flexibility for emergency changes

2: Backout Plan
• Pre-determined strategy to revert systems to their original state in case of issues during change implementation
• Acts as a safety net for ensuring quick return to normal operations

3: Testing the Results
• Validates the success of the change by conducting tests on systems and operational processes after implementation
• Ensures desired outcomes and identifies areas needing further adjustments

38
Q

Technical Implications of Changes

A

1: Allow Lists and Deny Lists

Allow List
• Specifies entities permitted to access a resource

Deny List
• Lists entities prevented from accessing a resource
• Review both lists when proposing changes to prevent unintended access restrictions or grants
• Essential for maintaining system functionality and security

2: Restricted Activities
• Certain tasks labeled as ‘restricted’ due to their impact on system health or security
• Verify proposed changes for any restricted activities
• Prevent data breaches and operational disruptions by understanding restrictions

3: Downtime
• Any change, even minor, carries the risk of causing downtime
• Estimate potential downtime and assess its negative effects against benefits
• Schedule changes during maintenance windows to minimize impacts on end users

4: Service and Application Restarts
• Some changes, like installing security patches, require service or application restarts
• Restarting critical services can be disruptive, potentially causing data loss or backlog
• Consider the implications of restarts, especially for key servers

5: Legacy Applications
• Older software or systems still in use due to functionality and user needs
• Legacy applications are less flexible and more sensitive to changes
• Minor updates can lead to malfunctions or crashes, so assess their compatibility.

6: Dependencies
• Interconnected systems create dependencies, where changes in one area affect others
• Mapping dependencies is crucial before implementing changes
• Prevents cascading effects, outages, or disruptions in various parts of your network

39
Q

Version Control

A

• Tracks and manages changes in documents, software, and other files
• Allows multiple users to collaborate and revert to previous versions when needed
• Ensures changes do not create chaos and helps track project evolution
• Preserves past iterations and ensures continuity and stability

40
Q

Key elements of proper documentation

A

• Updating diagrams to provide a visual representation of system architecture
• Revising policies and procedures to address issues or improvements
• Updating change requests and trouble tickets to reflect successful completion
• Proper documentation is critical for clarity and accountability
