technology assets throughout the entire asset life cycle

Document Sample
technology assets throughout the entire asset life cycle Powered By Docstoc
					Lesson 9-Asset and Security
Management
          Overview




 Asset management.

 Tracking assets.

 Asset management and the help desk.

 Threats to computer security.

 Security processes.

 Additional security measures.
          Asset Management




 IT asset management (ITAM) is the process of tracking

  information about technology assets throughout the entire

  asset life cycle.

 It provides IT organizations with the information to

  effectively manage and leverage assets.
          Asset Management




 Proper asset management leads to increased productivity

  and reduced cost of ownership.

 Common information technology assets include hardware,

  software, proprietary data, manuals, guides, printouts,

  warranties, etc.
           Asset Management




Challenges of IT asset management:

    Organizations must know the assets they possess, their value,

     and their physical location.

    It is essential to record detailed information for each asset.

    IT assets are complex and difficult to manage.

    Technology assets are mobile, making them difficult to track.
          Asset Management




Effective asset management is beneficial for:

    Help desk personnel and facilities manager.

    Service and network managers.

    Account analysts.

    Purchase and finance managers.

    System, software, and IT managers.
          Tracking Assets




 Asset tracking tools, also called auto-discovery tools, are

  software applications that gather data about technology

  assets via a network.

 The information collected is exported into a centralized

  database.
       Tracking Assets




The asset tracking database should include the following

information:

     User contact information.

     Hardware and system software configuration.

     Serial numbers and warranty information.

     Network wall jack and port numbers.
        Tracking Assets




The asset tracking database should include the following

information (continued):

     Physical location.

     Asset identification tag numbers.

     Troubleshooting and service histories.
           Asset Management and the
           Help Desk



 Integrating an asset management system with existing help

  desk systems result in increased productivity, financial

  savings, and user satisfaction.

 Integration is also beneficial in controlling the costs and

  usage of assets over their life span.
        Asset Management and the
        Help Desk



An effective asset management program provides the help

desk with the following benefits:

     Basic information about the hardware and software

      configuration is available in the asset-tracking database.

     The information received from the asset database is

      reliable and consistent, enabling an analyst to diagnose a

      problem correctly.
        Asset Management and the
        Help Desk



An effective asset management program provides the help

desk with the following benefits (continued):

     An asset-tracking program enables organizations to

      prevent potential problems from developing throughout the

      company.

     An asset database also serves as a powerful diagnostic tool

      for the help desk.
        Asset Management and the
        Help Desk



An effective asset management program provides the help

desk with the following benefits (continued):

     An asset tracking system can detect unauthorized software

      on a user’s PC.

     The total cost of ownership can be determined by

      incorporating information about trouble ticket and service

      request costs.
        Asset Management and the
        Help Desk



An effective asset management program provides the help

desk with the following benefits (continued):

     The ability to track assets is crucial when a company is

      undergoing change.

     Companies keep track of the maintenance and support

      contracts and warranties entered into with outside vendors.
           Threats to Computer Security




 Computer security is the process of planning,

  implementing, and verifying the protection of computer-

  related assets from threats.

 Sources of threats include natural disasters, utility outages,

  hackers, viruses, bugs, etc.

 Security can be established through passwords, file

  protection, encryption, and log files.
          Threats to Computer Security




 Physical security.

 Network security.
           Physical Security




 Physical security is a vital part of any security plan and is

  fundamental to all security efforts.

 It refers to protection against theft, vandalism, natural

  disasters, manmade catastrophes, and accidental damages.
          Network Security




 Network security involves the protection and preservation

  of resources and information on a network.

 A server is a powerful computer that acts as an

  intermediary between PCs on a network.
           Network Security




 The server provides a large volume of disk storage for

  shared information, and also controls access to data

  through the use of access controls.

 It is essential to log on to the server with a user ID and

  password to initiate a session on the network.
          Network Security




 Routers, firewalls, and proxy servers.

 Passwords and cryptography.

 Antivirus software.
          Routers, Firewalls, and
          Proxy Servers



 A router is a device that links a local network to a remote

  network.

 It determines the best route for data to travel across the

  network.
           Routers, Firewalls, and
           Proxy Servers



 Firewall is a security device that examines traffic entering

  and leaving a network.

 It determines whether to forward a data packet towards its

  destination.
           Routers, Firewalls, and
           Proxy Servers



 Packet filtering is a process in which a firewall filters

  information traveling into or out of the network.

 A firewall prevents unauthorized entry into the network and

  also prevents unauthorized data from exiting the network.
          Routers, Firewalls, and
          Proxy Servers



 Proxy server is a software application that acts as an

  intermediary between applications and servers.

 Proxy servers help control network traffic.
 Routers, Firewalls, and
 Proxy Servers




The flow of information in a secured network
          Passwords and Cryptography




 Passwords prevent unauthorized users from gaining access

  to information on a computer or a network, and are easy to

  implement.

 Cryptography is the protection of sensitive information by

  transforming it into an unreadable format.

 The act of encoding the contents of a message is known as

  encryption.
             Antivirus Software




 Antivirus software scans a system for known viruses.

 It attempts to remove the virus from the system and fix

  problems that the virus creates.

 Antivirus tools, however, cannot detect and eliminate all

  viruses.
           Security Processes




 Identifying assets.

 Assessing security needs and risks.

 Preparing for security violations.

 Monitoring networks.

 Responding to incidents.
          Identifying Assets




 Assets must be identified before they are protected.

 Asset discovery is commonly performed as part of the asset

  management plan.
          Assessing Security Needs
          and Risks



 Risk assessment takes into account the potential

  consequences of a security incident.

 Key areas to be addressed are physical, exterior, building,

  and data security, computer/data center, secured disposal

  site, password, data classification and access privileges,

  and social engineering.
          Preparing for Security
          Violations



 A security policy should be developed for building a secure

  computing environment.

 The policy must state its purpose, identify its scope, define

  terms, and declare the rights of users.
          Preparing for Security
          Violations



 The security policy must also delegate responsibility and

  action, reference related documents, and change to meet

  most criteria.

 It must be easily understandable and recognized as an

  authoritative document.
          Monitoring Networks




 An intrusion detection system (IDS) inspects all inbound

  and outbound network activity to identify suspicious

  patterns that may indicate an attack.

 A sniffer is a type of IDS that intercepts and analyzes data

  packets being transmitted over a network.
           Responding to Incidents




 The way in which organizations respond to computer

  security incidents are known as its incident handling

  capability.

 Effective incident handling capability requires the ability to

  quickly and efficiently react to disruptions in the normal

  course of events.
          Responding to Incidents




 Incidents reported in a convenient and straightforward

  fashion is referred to as centralized reporting.

 A response to an incident depends on timely reporting.

 Incident handling capability also assists an organization in

  preventing damage from future accidents.
           Additional Security Measures




Backups:

    Backup refers to the copying of files to another medium,

     ensuring availability of critical data in the event of data loss.

    The use of backups as a security measure requires careful

     planning.

    The most common backup methods are full, incremental,

     differential, daily copy, and copy backup.
          Additional Security Measures




User awareness and education:

    Training and awareness programs enhance a user’s knowledge

     of how to prevent, recognize, and report incidents.

    Users should be informed about the organization’s policies and

     the roles and responsibilities of various organizational units.
          Additional Security Measures




User awareness and education (continued):

    A set of guidelines stating what is expected of the users must

     be presented to them. These guidelines are called acceptable

     use policy.

    Security training makes users aware of their security

     responsibilities and promotes individual accountability.
           Additional Security Measures




Disaster recovery:

    A disaster recovery plan details activities and preparations to

     minimize loss and ensure continuity of critical business

     functions.

    The plan addresses events such as natural disasters, terrorist

     acts, power disruptions, etc.
           Additional Security Measures




Disaster recovery (continued):

    Most disaster recovery plans specify that data and servers are

     maintained at a physical location separate from the company’s

     main facility, known as a recovery site.

    The types of recovery sites are hot site, cold site, and off-site

     data storage.
           Additional Security Measures




Disaster recovery (continued):

    The steps involved in recovery process include responding,

     restoring infrastructure and data, returning to normal

     operations, and evaluating the recovery plan.

    The help desk plays a pivotal role in a company’s recovery

     efforts.
          Summary




 The ability to manage information technology assets

  effectively has become a critical business capability.

 Information about technology assets can be gathered using

  asset-tracking tools.

 An asset management system can be integrated with the

  help desk system to increase productivity, financial savings,

  and increased user satisfaction.
          Summary




 Computer security includes the protection of programs and

  data in addition to hardware.

 Backups, user education, and disaster recovery plans are

  also security measures.

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:2
posted:9/30/2012
language:English
pages:43