adam's notes

Asset Management

Asset management involves identifying, tracking, and safeguarding an organization’s assets, ranging from hardware and software to data and intellectual property.

  • uses hardware and software to implement life-cycle policies and procedures
    • for provisioning, maintaining, and decommissioning
  • tangible inventory = hardware
  • intangible inventory = software licenses, data assets, IP, etc.

Asset Assignment/Accounting

Asset assignment/accounting are processes that ensure each physical and data asset have an identified owner, and are appropriately tagged and classified within an inventory.

  • designating specific individuals or teams as responsible for particular assets
    • to establish a clear chain of accountability
  • hardware assets could be assigned to individual user accounts
  • assets could be allocated to security groups
  • shared-use assets could be assigned both

Asset classification involves organizing assets based on their value, sensitivity, or criticality to the organization.

  • enables the consistent and repeatable application of:
    • required security controls
    • effective prioritization for maintenance and updates
    • appropriate budget allocation
  • need periodic reviews to account for changes in asset:
    • value
    • sensitivity
    • or relevance to business operations

Monitoring/Asset Tracking

Monitoring/asset tracking are enumeration and inventory processes and software that ensure physical and data assets comply with configuration and performance baselines, and have not been tampered with or suffered other unauthorized access.

  • ensuring accurate information about each asset’s location, owner, and status
  • involves tracking the performance, security, and usage of assets
    • allows to detect potential issues, vulnerabilities, or unauthorized access promptly
  • helps
    • mitigate risks
    • optimize resource utilization
    • and ensure compliance with regulatory requirements

Ways to Perform Asset Enumeration

  • Manual Inventory
    • physically inspecting assets, such as computers, servers, and network devices, and recording relevant information, such as serial numbers, make and model, and location
  • Network scanning
    • network scanning tools can automatically discover and enumerate networked devices
      • e.g., Nmap, Nessus, or OpenVAS
  • Asset Management Software
    • can automatically discover, track, and catalog various types of assets
      • including hardware, software, and licenses
      • e.g., Lansweeper, ManageEngine, or SolarWinds
    • can be configured to store as much or as little information as is necessary
      • typical data:
        • type, model, serial number, asset ID, location user(s), value, service information
  • Configuration Management Database (CMDB)
    • is a centralized repository of information related to an organization’s IT infrastructure, including assets, configurations, and relationships.
    • e.g., ServiceNow or BMC Remedy
  • Mobile Device Management (MDM) Solutions
    • e.g., Microsoft Intune, VMware Workspace ONE, or MobileIron
  • Cloud Asset Discovery
    • help discover and catalog assets deployed in the cloud
    • e.g.,
      • cloud-native tools
        • AWS Config
        • Azure Resource Graph
      • third-party solutions
        • CloudAware
        • CloudCheckr

Asset Acquisition/Procurement

Asset acquisition/procurement are policies and processes that ensure asset and service purchases and contracts are fully managed, secure, use authorized suppliers/vendors, and meet business goals.

  • consider procuring solutions that integrate seamlessly with their existing security infrastructure
  • should assess the total cost of ownership (TCO) of the assets
    • initial purchase price
    • ongoing costs of maintenance, updates, and potential security incidents
  • each asset should include procurement documentation

Asset Procurement Lifecycle

  • change procedures approve new/upgraded assets
  • procurement determines budget and trusted supplier identified
  • deployment installs asset securely
  • maintenance monitors and supports use of asset
  • disposal sanitizes asset

Warranty Support and Licensing

  • for each asset record, there should be a copy of or link to the appropriate vendor documentation
    • includes:
      • invoice
      • warranty/support contract
      • support and troubleshooting guidance
  • software inventory should track license usage
    • to ensure compliance with vendor’s licensing agreement
  • licensing for servers and network appliances can be complex,
    • worth considering whether a licensing or feature activation issue could be a cause of a problem
    • on a switch or router, licensing failures could restrict:
      • the number of ports available
      • the number of routes allowed in the routing table
      • the availability of routing protocols
    • trial or evaluation periods can cause features to stop working when over
  • Troubleshooting license issues:
    • start at the log
      • should show
        • whether an evaluation period/trial has just expired
        • when a seat/instance count has been exceeded
    • verify the appliance has the correct licenses or activation keys installed
    • if relevant, ensure the appliance can connect to its licensing or activation server

Graph View

Backlinks