Asset and Change Management Flashcards
Acquisition
Process of obtaining goods and services
Procurement
Entire process of sourcing and obtaining those goods and services, including all
the processes that lead up to the acquisition
Purchase Order
Formal document issued by the purchasing department
Dictates payment terms (NET 15, NET 30, NET 60)
Internal Approval Process
Ensures purchase alignment with company goals
Post-Approval Procurement
■ Product compatibility assessment
■ Security checks and configurations
■ User training
■ Integration into the existing workflow
BYOD
Bring Your Own Device
COPE
Corporate-Owned, Personally Enabled
CYOD
Employees select devices from a company-approved list
Asset Management
Systematic approach to governing and maximizing the value of items an entity is responsible for throughout the asset’s life cycle
Assignment and Accounting of Assets
Each asset assigned to a person or group, known as owners.
Avoids ambiguity, aids troubleshooting, upgrades, and replacements
Asset Monitoring
Maintaining an inventory with specifications, location, and
assigned users
Asset Tracking
Goes beyond monitoring, involving the location, status, and condition of assets using specialized software and tracking technologies
Enumeration
Identifies and counts assets, especially in large organizations or during times of asset procurement or retirement
MDM
Mobile Device Management
NIST Special Publication 800-88 (Guidelines for Media Sanitization)
Provides guidance on asset disposal and decommissioning
Sanitization
Thorough process to make data inaccessible and irretrievable from storage
medium using traditional forensic methods
Overwriting
○ Replacing the existing data on a storage device with random bits of information to ensure that the original data is obscured
○ Repeated several times to reduce any chance of the original data being recovered
○ Overwriting can use a single pass, 7 passes, or 35 passes
Degaussing
Utilizes a machine called a degausser to produce a strong magnetic field that can disrupt magnetic domains on storage devices like hard drives or tapes
Permanent erasure of data but makes the device unusable
Secure Erase
○ Deletes data and ensures it can’t be recovered
○ Implemented in firmware level of storage devices
○ Built-in erasure routine purges all data blocks
○ Deprecated in favor of cryptographic erase
Cryptographic Erase (CE)
○ Utilizes encryption technologies for data sanitization
○ Destroys or deletes encryption keys, rendering data unreadable
○ Quick and efficient method of sanitization
○ Supports device repurposing without data leakage
Change Management
Orchestrated strategy to transition teams, departments, and organizations from
existing state to a more desirable future state
CAB
Change Advisory Board
Body of representatives from various parts of an organization that is
responsible for evaluation of any proposed changes
Change Owner
Individual or team responsible for initiating change request
Impact Analysis
Assesses potential fallout, immediate effects, long-term impacts
