Topic 7A Flashcards
Asset management
monitor for unauthorized activity, and identify potential vulnerabilities
ensuring that all devices and systems are appropriately secured, patched, and updated to mitigate the risks of cyberattacks
supports incident response activities, enabling security teams to quickly identify and isolate affected assets during a security incident
An asset management process
tracks all the organization’s critical systems, components, devices, and other objects of value in an inventory.
It also involves collecting and analyzing information about these assets so that personnel can make informed changes or work with assets to achieve business goals.
assignment/accounting
In asset management, processes that ensure each physical and data asset has an identified owner and is appropriately tagged and classified within an inventory.
Monitoring/asset tracking
Enumeration and inventory processes and software that ensure physical and data assets comply with configuration and performance baselines, and have not been tampered with or suffered other unauthorized access.
Ways to perform asset enumeration:
Manual Inventory - manually taking inventory. More feasible in smaller companies. Involves physically inspecting assets, such as computers, servers, and network devices, and recording relevant information, such as serial numbers, make and model, and location.
Network Scanning - Tools such as Nmap, Nessus, or OpenVAS can automatically discover and enumerate networked devices, including servers, switches, routers, and workstations. These tools can identify open ports, services, and sometimes the OS.
Asset Management Software - Tools such as Lansweeper, ManageEngine, or SolarWinds can automatically discover, track, and catalog various types of assets, including hardware, software, and licenses. Creates a centralized dashboard.
Configuration Management Database (CMDB) - centralized repository of information related to an organization’s IT infrastructure, including assets, configurations, and relationships
Mobile Device Management (MDM) Solutions - For organizations with a significant number of mobile devices, MDM solutions like Microsoft Intune, VMware Workspace ONE, or MobileIron can help enumerate, manage, and secure smartphones
Cloud Asset Discovery - With organizations increasingly adopting cloud services, cloud-native tools, such as AWS Config or Azure Resource Graph, or third-party solutions like CloudAware or CloudCheckr, can help discover and catalog assets deployed in the cloud.
acquisition/procurement
Policies and processes that ensure asset and service purchases and contracts are fully managed, secure, use authorized suppliers/vendors, and meet business goals
RFID tag
Used to identify a device for asset identification. Barcodes are also an option
is a chip programmed with asset data. When in range of a scanner, the chip activates and signals the scanner. The scanner alerts management software to update the device’s location.
standard naming convention
makes the environment more consistent for hardware assets and for digital assets such as accounts and virtual machines.
The naming strategy should allow administrators to identify the type and function of any particular resource or location at any point in the configuration management database (CMDB) or network directory.
Configuration management
ensures that each configurable element within an asset inventory has not diverged from its approved configuration
Change control
The process by which the need for change is recorded and approved.
change management
The process through which changes to the configuration of information systems are implemented as part of the organization’s overall configuration management efforts
Critical capabilities for enterprise backup solutions typically include the following features:
Support for various environments (virtual, physical, and cloud)
Data deduplication and compression to optimize storage space
Instant recovery and replication for quick failover
Ransomware protection and encryption for data security
Granular restore options for individual files, folders, or applications
Reporting, monitoring, and alerting tools for effective management
Integration with popular virtualization platforms, cloud providers, and storage systems
Data deduplication
Instead of storing multiple copies of the same data, deduplication stores a single copy and creates references or pointers to that copy for all other instances.
can be performed at different levels, such as file-level, block-level, or byte-level.
Filesystem snapshots
like those provided by ZFS or Btrfs, capture the state of a file system at a given moment, enabling users to recover accidentally deleted files or restore previous versions of files in case of data corruption.
SAN snapshots
are taken at the block-level storage layer within a storage area network. Examples include snapshots in NetApp or Dell EMC storage systems, which capture the state of the entire storage volume, allowing for rapid recovery of large datasets and applications.
database mirroring
where an organization maintains primary and secondary mirrored databases.
Any changes made to the primary database are automatically replicated to the secondary database, ensuring data consistency and availability if the primary database encounters any issues.
Journaling
records changes to data in a separate, dedicated log known as a journal.
It enables the system to identify and undo any incomplete transactions that might have caused inconsistencies, or replay transactions that occurred after the full system backup was
Secure data destruction
At the end of a data retention period, organizations must destroy data in accordance with internal policies and external regulations while optimizing storage resources.
Legal and regulatory compliance, such as adhering to the General Data Protection Regulation (GDPR) or the Health Insurance Portability and Accountability Act (HIPAA), also requires the deletion or destruction of specific data when it is no longer needed or if requested by the data subject.
Periodically destroying obsolete or outdated data can help maintain efficient storage utilization and reduce the risk of data breaches.
Asset disposal/decommissioning concepts
focus on the secure and compliant handling of data and storage devices at the end of their lifecycle or when they are no longer needed.
Sanitization
Refers to the process of removing sensitive information from storage media to prevent unauthorized access or data breaches.
This process uses specialized techniques, such as data wiping, degaussing, or encryption, to ensure that the data becomes irretrievable
Destruction
Involves the physical or electronic elimination of information stored on media, rendering it inaccessible and irrecoverable.
Physical destruction methods include shredding, crushing, or incinerating storage devices, while electronic destruction involves overwriting data multiple times or using degaussing techniques to eliminate magnetic fields on storage media.
Destruction Certification
Refers to the documentation and verification of the data sanitization or destruction process.
This often involves obtaining a certificate of destruction or sanitization from a reputable third-party provider, attesting that the data has been securely removed or destroyed in accordance with industry standards and regulations.
Configuration Item (CI)
an asset that requires specific management procedures to be used to deliver the service. Each CI must be labeled, ideally using a standard naming convention.
Service assets
things, processes, or people that contribute to delivering an IT service.
NTFS
New Technology Filing System
When activated, can become a journaling system providing logged changes
CMDB
Configuration management database
Self-explanatory. Configuration items are stored here.