Assets and Change Management Flashcards

1
Q

Asset Management

A

Systematic process of developing, operating, maintaining, and disposing of (or selling) assets cost-effectively, so that every asset is known, owned, and tracked from acquisition through retirement

2
Q

Change management

A

Structured approach to transitioning from a current state to a desired future state

3
Q

Acquisition and Procurement

A

Structured process of sourcing, vetting, and obtaining security technologies and services

4
Q

Three Main Mobile Device Deployment Models

A

1: BYOD (Bring Your Own Device)
• Employees use personal devices for work
• Cost-effective for employers
• Drawbacks include reduced control over security and device management (no guarantee of patching or encryption, and limited ability to wipe corporate data)

2: COPE (Corporate-Owned, Personally Enabled)
• The company provides devices that employees may also use for personal purposes
• Greater control over security and standards
• Higher initial investment
• Employees may have privacy concerns or need to carry two devices

3: CYOD (Choose Your Own Device)
• Employees select devices from a company-approved list
• Balance between employee choice and organizational control
• Similar drawbacks to COPE in terms of initial cost and potential privacy concerns

5
Q

Assignment/Accounting and Monitoring/Asset Tracking

A

• Clear ownership and classification of assets
• Rigorous monitoring through inventory checks and MDM solutions

6
Q

Asset Disposal and Decommissioning processes

A

• Sanitization, destruction, certification, data retention
• Minimizes the risk of unauthorized access or data breaches

7
Q

Change Management Importance

A

• Strict approval for every change
• Consideration of CAB insights, ownership, stakeholder involvement, and impact analysis

8
Q

Change Management Processes best practices

A

• Schedule maintenance windows
• Thorough backout plans
• Consistent testing post-implementation

9
Q

Technical Implications of Changes management aspects

A

• Allow lists, deny lists
• Handling downtime, restarts
• Managing legacy applications and dependencies

10
Q

Conducting the acquisition and procurement process - understanding different types of purchase options

A

Company Credit Card
• Quick purchase of low-cost items
• Transaction limits and item restrictions

Individual Purchase
• Employee purchases, then seeks reimbursement
• Used in emergencies or when no company credit card is available

Purchase Order
• Formal document issued by the purchasing department
• For larger, more expensive purchases
• Dictates payment terms (NET 15, NET 30, NET 60)

11
Q

Internal Approval Process

A

• Ensures purchase alignment with company goals
• Validates budget allocation
• Assesses security and compatibility with existing infrastructure

12
Q

Post-Approval Procurement

A

• Security checks and configurations
• User training
• Integration into the existing workflow

13
Q

Considerations when selecting Mobile Device Deployment model

A

Consider the specific needs, budget constraints, and risk appetite of your organization

14
Q

Tangible vs intangible assets

A

Tangible Assets
• Office buildings
• Computers
• Machinery

Intangible Assets
• Intellectual property
• Organization's reputation
• Goodwill

15
Q

Assignment and Accounting of Assets

A

• Each asset is assigned to a person or group, known as its owner
• The process is referred to as the allocation or assignment of ownership
• Avoids ambiguity and aids troubleshooting, upgrades, and replacements

16
Q

Classification and Categorization

A

• Assets should be classified and categorized
• Classification is based on criteria such as function and value
• Informs maintenance, replacement, or retirement decisions
• High-value assets may require stringent maintenance schedules
• Low-value assets may be considered for recycling or disposal

17
Q

Monitoring and Tracking of Assets

A

Ensures proper accounting and optimal use of assets

Asset Monitoring
• Maintaining an inventory with specifications, location, and assigned users

Asset Tracking
• Goes beyond monitoring, following the location, status, and condition of assets using specialized software and tracking technologies

18
Q

Enumeration

A

• Identifies and counts assets, especially in large organizations or during times of asset procurement or retirement
• Aids in maintaining an accurate inventory
• Proactive approach to risk management and resource optimization

19
Q

Mobile Device Management (MDM)

A

• Manages and tracks mobile devices
- Smartphones
- Tablets
- Laptops
- Wearables
• Centralizes management, enforces corporate policies, ensures software uniformity, and safeguards sensitive data
• Enables remote lock and wipe of lost devices, remote software updates, and consistent user experiences
• Reduces risks associated with unsecured or outdated devices

20
Q

Asset Disposal and Decommissioning

A

Necessity to manage the disposal of outdated assets

21
Q

NIST Special Publication 800-88 (Guidelines for Media Sanitization)

A

Provides guidance on sanitizing storage media before disposal, reuse, or release; defines the three sanitization levels Clear, Purge, and Destroy, with the level chosen by the media type and by whether the media will leave the organization's control

22
Q

Sanitization and its methods used

A

• Thorough process of making data on a storage medium inaccessible and irretrievable, to a level matching where the medium is going: resistant to simple recovery tools (Clear) or to laboratory recovery techniques (Purge)
• Applies to all storage media (hard drives, SSDs and other flash, tapes, optical)

Methods include overwriting, degaussing, secure erase, and cryptographic erase

Overwriting
• Replaces the existing data on a storage device with fixed or random bit patterns so that the original data is obscured
• Can be repeated to further reduce any chance of the original data being recovered; single-pass, 7-pass, and 35-pass schemes exist
• For modern magnetic drives a single verified pass is sufficient; the multi-pass schemes date from older, lower-density media
• Unreliable on SSDs and other flash media, where wear levelling and spare blocks can leave copies the host never touches; use secure erase or cryptographic erase there instead

23
Q

Degaussing

A

• Utilizes a machine called a degausser to produce a strong magnetic field that disrupts the magnetic domains on storage devices like hard drives or tapes
• Renders data on the storage medium unreadable and irretrievable
• Permanent erasure of data, but on a hard drive it also destroys the factory-written servo tracks, so the drive can no longer be used to store data
• Only works on magnetic media; has no effect on SSDs, USB flash drives, or other solid-state storage

24
Q

Secure erase

A

• Deletes data and ensures it can't be recovered
• Implemented at the firmware level of storage devices (for example the ATA Secure Erase and Sanitize commands, or NVMe Format and Sanitize), so the drive erases every addressable block, including areas a host-side overwrite cannot reach
• Verify the result by reading back a sample of the drive afterwards, since implementation quality varies between vendors

25
Q

Cryptographic Erase (CE)

A

• Utilizes encryption technologies for data sanitization
• Destroys or deletes the encryption keys, rendering the data unreadable
• Quick and efficient method of sanitization, taking seconds even on very large drives
• Supports device repurposing without data leakage
• Only valid if all data was encrypted from the first write and no copy of the key (escrow, backup, a second key slot) survives
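
The sanitization cards above (overwriting, degaussing, secure erase, cryptographic erase) come down to two decisions a practitioner has to get right: which method fits the media and its destination, and how to prove the method actually worked. The Python below is an added example, not from the flashcard source and not NIST's own code. It maps media type and destination to a method using the Clear/Purge/Destroy distinction SP 800-88 draws, runs a single-pass random overwrite on a temporary file standing in for a disk and verifies it by read-back, and shows why cryptographic erase works by destroying the key. The disk image and its contents are constructed, and the SHA-256 counter keystream is a stand-in for the drive's real AES so that the example needs no third-party library.

```python
"""Sanitization method selection, overwrite with verification, and crypto erase (added example)."""
import hashlib
import os
import secrets
import tempfile

MARKER = b"CONFIDENTIAL-PAYROLL-2024"  # constructed sensitive content we try to recover later


def choose_method(media: str, leaving_org_control: bool) -> str:
    """media is 'hdd' (magnetic), 'ssd' (flash) or 'tape'.

    Media staying inside the organisation needs Clear; media leaving it
    (resale, vendor return, disposal) needs Purge or Destroy.
    """
    if media == "hdd":
        # One verified pass is enough on modern magnetic drives; the 7- and
        # 35-pass schemes date from older, lower-density media.
        return ("overwrite, single pass (Clear)" if not leaving_org_control
                else "ATA Secure Erase or degauss (Purge), or destroy")
    if media == "ssd":
        # Wear levelling and spare blocks mean a host overwrite may never reach
        # every cell, and degaussing does nothing to flash.
        return "cryptographic erase or ATA/NVMe sanitize (Purge), or destroy"
    if media == "tape":
        return "overwrite (Clear)" if not leaving_org_control else "degauss (Purge), or destroy"
    raise ValueError(f"unknown media type {media!r}")


def overwrite_and_verify(path: str, chunk: int = 4096) -> bool:
    """Single-pass random overwrite of a device image, followed by a read-back check."""
    remaining = os.path.getsize(path)
    with open(path, "r+b") as f:
        while remaining:
            n = min(chunk, remaining)
            f.write(os.urandom(n))
            remaining -= n
        f.flush()
        os.fsync(f.fileno())
    with open(path, "rb") as f:
        data = f.read()
    # Verification: the marker must be gone, and the image must look random rather
    # than mostly one byte value, which a failed or short write would leave behind.
    return MARKER not in data and len(set(data)) > 200


def overwrite_demo() -> bool:
    """Build a constructed disk image holding MARKER, confirm it is recoverable, then sanitise it."""
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(os.urandom(30000) + MARKER + os.urandom(30000))
        path = f.name
    try:
        with open(path, "rb") as f:
            if MARKER not in f.read():
                raise RuntimeError("constructed image should contain the marker")
        return overwrite_and_verify(path)
    finally:
        os.unlink(path)


def _keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream from SHA-256: a stand-in for the drive's AES-XTS."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_with_key(data: bytes, key: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


def cryptographic_erase_demo() -> tuple[bool, bool]:
    """Return (marker readable with the key, marker readable after the key is destroyed).

    CE is only valid if the data was encrypted from its first write and no copy
    of the media encryption key survives (no escrow, no backup, no spare key slot).
    """
    plaintext = MARKER + os.urandom(1024)
    mek = secrets.token_bytes(32)               # media encryption key held by the drive
    at_rest = xor_with_key(plaintext, mek)      # what actually sits on the flash
    readable_with_key = MARKER in xor_with_key(at_rest, mek)
    mek = secrets.token_bytes(32)               # CE: old key replaced, nothing retains it
    readable_after_erase = MARKER in xor_with_key(at_rest, mek)
    return readable_with_key, readable_after_erase


if __name__ == "__main__":
    print(choose_method("ssd", leaving_org_control=True))
    print("overwrite verified:", overwrite_demo())
    print("readable before/after CE:", cryptographic_erase_demo())
```

On a real drive the overwrite would target the block device rather than a file, and the read-back check is exactly the verification step the certification card calls for: the sanitization record should say which method ran, on which serial number, and what the verification sample showed.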
26
Q

Destruction and methods

A

• Goes beyond sanitization, ensuring the physical device is unusable
• Used for high-security environments, especially with Secret or Top-Secret data

Recommended methods
• Shredding
• Pulverizing
• Melting
• Incinerating
27
Q

Certification

A

• Acts as proof that data or hardware has been securely disposed of
• Important for organizations with regulatory requirements
• Creates an audit log of sanitization, disposal, or destruction
28
Q

Data retention

A

• Strategically deciding what to keep and for how long
• Data has a lifecycle from creation to disposal

Reasons to retain data
• Regulatory requirements
• Historical analysis
• Trend prediction
• Dispute resolution
29
Q

Limits on data retention

A

• Retaining everything is not feasible due to costs and security risks
• The more you store, the more you must secure
• Clutter and excessive data require additional security measures
30
Q

Data Protection

A

• All data needs protection from potential data breaches
• More data requires more extensive security measures
• Leads to higher costs and resource allocation
• Excessive data complicates retrieval and analysis
31
Q

Change is essential but requires

A

• Precision
• Planning
• Structured approach
32
Q

Challenges of Change

A

• Unplanned or poorly coordinated changes can lead to resistance and confusion
• Even seemingly simple changes, like software upgrades, can cause issues
• Existing processes become disrupted by changes, impacting efficiency
33
Q

Change Advisory Board (CAB)

A

• Body of representatives from various parts of an organization responsible for evaluating any proposed changes
• Evaluates proposed changes before approval, assessing viability, impacts, and alignment with objectives
34
Q

Change Owner

A

• Individual or team responsible for initiating the change request
• Advocates for the change, detailing reasons, benefits, and challenges
• Key in presenting the case for the change
35
Q

Impact Analysis

A

• Integral part of the Change Management process
• Essential before implementing proposed changes
• Assesses potential fallout, immediate effects, and long-term impacts
• Identifies challenges and prepares for maximizing benefits
36
Q

Five Main Steps in Change Management

A

1: Preparing for the Change
2: Creating a Vision for the Change
3: Implementing the Change
4: Verifying the Change
5: Documenting the Change
37
Q

Key Aspects of the Change Management Process

A

1: Scheduled Maintenance Window
• Designated timeframes for implementing changes
• Reduces potential disruptions to daily operations
• Allows flexibility for emergency changes

2: Backout Plan
• Pre-determined strategy to revert systems to their original state if issues arise during change implementation
• Acts as a safety net ensuring a quick return to normal operations

3: Testing the Results
• Validates the success of the change by testing systems and operational processes after implementation
• Ensures desired outcomes and identifies areas needing further adjustment
38
Q

Technical Implications of Changes

A

1: Allow Lists and Deny Lists
• Allow list: specifies the entities permitted to access a resource
• Deny list: lists the entities prevented from accessing a resource
• Review both lists when proposing changes to prevent unintended access restrictions or grants
• Essential for maintaining system functionality and security

2: Restricted Activities
• Certain tasks are labeled 'restricted' due to their impact on system health or security
• Verify proposed changes for any restricted activities
• Understanding the restrictions prevents data breaches and operational disruptions

3: Downtime
• Any change, even a minor one, carries the risk of causing downtime
• Estimate potential downtime and weigh its negative effects against the benefits
• Schedule changes during maintenance windows to minimize impacts on end users

4: Service and Application Restarts
• Some changes, like installing security patches, require service or application restarts
• Restarting critical services can be disruptive, potentially causing data loss or backlog
• Consider the implications of restarts, especially for key servers

5: Legacy Applications
• Older software or systems still in use because of their functionality and user needs
• Legacy applications are less flexible and more sensitive to changes
• Minor updates can lead to malfunctions or crashes, so assess compatibility first

6: Dependencies
• Interconnected systems create dependencies, where a change in one area affects others
• Map dependencies before implementing changes
• Prevents cascading effects, outages, or disruptions in other parts of the network
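
The allow-list review, the dependency mapping, and the backout plan described in the change-management cards above are things a change request can actually compute before it reaches the CAB. The Python below is an added example, not from the flashcard source. It diffs the current and proposed allow list for one service, walks a dependency map to find everything a restart of that service would cascade into, flags a legacy application in the blast radius, and records the prior state as the backout plan. The service names, dependency map, and allow lists are constructed.

```python
"""Pre-change impact analysis: allow-list diff, dependency cascade, backout state (added example)."""
from collections import deque

# Constructed dependency map: each key depends on every service in its list.
DEPENDS_ON = {
    "web-portal": ["auth-api", "db01"],
    "auth-api": ["db01", "ldap"],
    "reporting": ["db01"],
    "payroll-legacy": ["db01"],   # legacy app: any upstream change is high risk
    "db01": ["san-storage"],
    "ldap": [],
    "san-storage": [],
}
LEGACY = {"payroll-legacy"}

# Constructed allow lists for db01's network ACL: source addresses permitted to connect.
CURRENT_ALLOW = {"10.0.1.10", "10.0.1.11", "10.0.2.5", "10.0.9.9"}
PROPOSED_ALLOW = {"10.0.1.10", "10.0.1.11", "10.0.3.0/24"}


def dependents_of(service: str, graph: dict[str, list[str]]) -> list[str]:
    """Everything that transitively depends on `service`: the cascade if it restarts or fails."""
    reverse: dict[str, list[str]] = {}
    for svc, deps in graph.items():
        for dep in deps:
            reverse.setdefault(dep, []).append(svc)
    seen, queue, order = set(), deque([service]), []
    while queue:
        node = queue.popleft()
        for upstream in reverse.get(node, []):
            if upstream not in seen:
                seen.add(upstream)
                order.append(upstream)
                queue.append(upstream)
    return sorted(order)


def allow_list_diff(current: set[str], proposed: set[str]) -> dict[str, list[str]]:
    """Entries newly granted and newly removed; each needs a justification in the change request."""
    return {
        "newly_allowed": sorted(proposed - current),
        "newly_denied": sorted(current - proposed),
    }


def impact_report(service: str, current: set[str], proposed: set[str]) -> dict:
    """Assemble what the CAB needs to see before approving the change."""
    affected = dependents_of(service, DEPENDS_ON)
    diff = allow_list_diff(current, proposed)
    findings = []
    if any(svc in LEGACY for svc in affected):
        findings.append("legacy application in blast radius: test in staging before the window")
    if any("/" in entry for entry in diff["newly_allowed"]):
        findings.append("proposed allow list adds a whole subnet: confirm least privilege")
    if diff["newly_denied"]:
        findings.append("removals may break existing clients: check connection logs first")
    return {
        "service": service,
        "restart_affects": affected,
        "allow_list": diff,
        "findings": findings,
        # Backout plan: the exact prior state, stored alongside the change record.
        "backout": {"restore_allow_list": sorted(current)},
    }


if __name__ == "__main__":
    for key, value in impact_report("db01", CURRENT_ALLOW, PROPOSED_ALLOW).items():
        print(f"{key}: {value}")
```

The reverse walk is the part people skip: a dependency map usually records what a service needs, but the impact question is the other direction, who needs this service. Running it for "san-storage" shows that a storage maintenance window touches every application in the map, which is the kind of cascade the downtime and restart cards warn about.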
39
Q

Version Control

A

• Tracks and manages changes in documents, software, and other files
• Allows multiple users to collaborate and to revert to previous versions when needed
• Ensures changes do not create chaos and helps track project evolution
• Preserves past iterations and ensures continuity and stability
40
Q

Key elements of proper documentation

A

• Updating diagrams to provide a visual representation of the system architecture
• Revising policies and procedures to address issues or improvements
• Updating change requests and trouble tickets to reflect successful completion
• Proper documentation is critical for clarity and accountability