Asset Management - 4.2

Summary

Asset management involves the acquisition, tracking, assignment, and eventual disposal of an organization's assets, ensuring proper management, accountability, and compliance with data retention and disposal policies.

Notes:

Acquisition / Procurement Process

The process of identifying, purchasing, and acquiring assets that meet the organization's needs.

Assignment / Accounting

  • Ownership: Linking a device or asset to a responsible person, department, or team for accountability and proper management.
  • Classification: Categorizing assets by type (e.g., hardware, software) and prioritizing them based on importance and criticality to business operations.

Monitoring / Asset Tracking

  • Inventory: Maintaining up-to-date records of assets, including their location, condition, and status (e.g., in use, in storage, decommissioned).
  • Enumeration: Listing and counting all components of an asset. For example, a computer's components include its hard drive, RAM, CPU, etc.

Disposal / Decommissioning

  • Sanitization: Securely erasing all data on the device or asset to ensure complete and permanent removal.
  • Destruction: The physical destruction of the device to ensure it cannot be reused or data cannot be recovered.
    • Pulverization: Breaking the asset down into small pieces.
    • Degaussing: Using magnetic fields to erase data stored on magnetic media.
  • Certification: Obtaining certificates of destruction from a certified third-party organization that verifies the asset has been properly decommissioned and disposed of.

Data Retention

  • Establishing policies that determine what types of data and how much data an organization retains, ensuring it aligns with operational needs and compliance requirements.
  • Retaining data for backup and disaster recovery purposes in the event of system failure or data loss.
  • Ensuring data retention meets regulatory compliance standards (e.g., GDPR, HIPAA, etc.).