7.5 Apply resource protection techniques

7.5 Apply resource protection techniques2022-08-21T01:04:24+00:00

7.5 Apply resource protection techniques

  • Media management
  • Hardware and software asset management

Media management is the process of tracking and storing all storage media in our organization.  Media can include

  • Hard Disk Drives

  • Removable Hard Disk Cartridges

  • Magnetic Tapes

  • DVDs

  • CDs

  • USB Drives

  • Floppy Disks

  • Zip Drives

We must have clear policies for the following

  • Where do we buy new media from?  Is there s a specific vendor?  Is there a specific make, model, and or storage capacity? 

  • Who is authorized to purchase media?

  • Where do we store blank media?  The storage location must be secure so that the media is not stolen or tampered with.

  • What quantity of blank media do we need to stock?

  • How do we label media?

    • The security level of the data (we might color code the label or the media to indicate the security level)

    • The type of data that is stored on the media

    • When the media was created?

  • How do we encrypt the media?

  • Where do we store the media once it is full?  How long do we store it? 

  • Do we need to store the media in a locked container?  Who has possession of the keys?

  • What kind of database do we use to track the media?

  • How do we transport the media from location to location?

  • Is there a vendor who stores media offsite for disaster recovery purposes?

  • How do we determine when the media is no longer useful?

  • How do we sanitize or destroy media once we are done with it?

As discussed earlier, Asset Management works on a cycle because we are always buying stuff and throwing out stuff.  We can refer to the following ISO standards

  • ISO 19770-1 is a framework for establishing an asset management program

    • Controls regarding software modification, duplication and distribution

    • Tracking changes made to IT assets

    • Controls over licensing, underlicensing, overlicensing, and compliance with licensing terms and conditions

    • Controls over situations such as in cloud computing and with Bring-Your-Own-Device’(BYOD) practices, where more than one person owns a device

    • Synchronization of IT asset management data with data in financial information systems recording assets and expenses and other business intelligence systems

  • ISO 19770-2 is a standard for identifying software

    • A tag allows us to track each instance of a software installation so that we can ensure it is properly licensed

  • ISO 19770-3 provides a software entitlement scheme

    • A shared vocabulary helps us understand software license terms

    • The license information is encoded into a format that the computer can understand and enforce

What kind of software should we use to track our assets?

  • It is important to choose a program that maintains the integrity of the data so that it can’t be modified by unauthorized users

  • There are specific applications that can be used to track software licenses and computers

  • We might use an accounting program to track tangible assets

With respect to computer hardware and software, we might track the following

  • Hardware

    • Make

    • Model

    • Serial Number

    • Physical Location

    • Properties

    • Network interfaces, MAC addresses, IP addresses, hostname

    • Operating system version

    • Purchase Date

    • Warranty

    • Asset Tag

  • Software

    • Publisher

    • Name

    • Version

    • Updates

    • License Type and Serial Number

    • Expiry Date