Topic 7A

Asset Management

Asset Tracking

An asset management process tracks all the organization’s critical systems, components, devices, and other objects of value in an inventory. It also involves collecting and analyzing information about these assets so that personnel can make informed changes or work with assets to achieve business goals.

There are many software suites and associated hardware solutions available for tracking and managing assets. An asset management database can store as much or as little information as necessary. Typical data would be type, model, serial number, asset ID, location, user(s), value, and service information.

Asset Assignment/Accounting and Monitoring/Asset Tracking

Asset ownership assignment/accounting and classification are essential components of a well-structured asset management process, ensuring that organizations effectively manage and protect their resources while maintaining accountability.

Assigning asset ownership involves designating specific individuals or teams within the organization as responsible for particular assets to establish a clear chain of accountability for asset security, maintenance, and ongoing management. Asset classification involves organizing assets based on their value, sensitivity, or criticality to the organization. This enables the consistent and repeatable application of required security controls, effective prioritization for maintenance and updates, and appropriate budget allocation. Both processes need periodic reviews to account for changes in asset value, sensitivity, or relevance to business operations.

Monitoring/asset tracking activities include inventory and enumeration tasks, which involve creating and maintaining a comprehensive list of all assets within the organization, such as hardware, software, data, and network equipment. Regularly updating and verifying the asset inventory helps organizations identify and manage their assets effectively, ensuring they have accurate information about each asset’s location, owner, and status. This information is vital for license management, patch deployment, and security incident response. Asset monitoring also involves tracking the performance, security, and usage of assets, allowing organizations to detect potential issues, vulnerabilities, or unauthorized access promptly. Proactive asset monitoring helps mitigate risks, optimize resource utilization, and ensure compliance with regulatory requirements.

There are several ways to perform asset enumeration, depending on the size and complexity of the organization and the types of assets involved:

• Manual Inventory—In smaller organizations or for specific asset types, manually creating and maintaining an inventory of assets may be feasible. This process involves physically inspecting assets, such as computers, servers, and network devices, and recording relevant information, such as serial numbers, make and model, and location.

• Network Scanning—Network scanning tools, such as Nmap, Nessus, or OpenVAS, can automatically discover and enumerate networked devices, including servers, switches, routers, and workstations. These tools can identify open ports, services, and sometimes even the operating systems and applications running on the devices.

• Asset Management Software—Asset management software solutions, such as Lansweeper, ManageEngine, or SolarWinds, can automatically discover, track, and catalog various types of assets, including hardware, software, and licenses. These tools often provide a centralized dashboard for managing the asset inventory, monitoring changes, and generating reports.

• Configuration Management Database (CMDB)—A CMDB is a centralized repository of information related to an organization’s IT infrastructure, including assets, configurations, and relationships. Tools like ServiceNow or BMC Remedy can help create and maintain a CMDB, providing a holistic view of the organization’s assets and interdependencies.

• Mobile Device Management (MDM) Solutions—For organizations with a significant number of mobile devices, MDM solutions like Microsoft Intune, VMware Workspace ONE, or MobileIron can help enumerate, manage, and secure smartphones, tablets, and other mobile assets.

• Cloud Asset Discovery—With organizations increasingly adopting cloud services, cloud-native tools, such as AWS Config or Azure Resource Graph, or third-party solutions like CloudAware or CloudCheckr, can help discover and catalog assets deployed in the cloud.
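Verifying the inventory against discovery output is what turns these enumeration methods into a control. The following is an added example, not part of the original text: it reconciles inventory records with a list of discovered devices. The field names, the use of the MAC address as the join key, and all sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Asset:
    asset_id: str
    serial: str
    mac: str
    location: str
    owner: Optional[str]


def norm_mac(mac: str) -> str:
    # Scanners and spreadsheets disagree on case and separators.
    return mac.strip().lower().replace("-", ":")


def reconcile(inventory, discovered):
    """Compare inventory records with discovered devices (joined on MAC)."""
    known = {norm_mac(a.mac): a for a in inventory}
    seen = {norm_mac(d["mac"]): d for d in discovered}
    return {
        # On the network but not in the inventory: possible unauthorized device.
        "unknown_devices": sorted(d["ip"] for m, d in seen.items() if m not in known),
        # In the inventory but not observed: moved, retired, lost, or offline.
        "not_seen": sorted(a.asset_id for m, a in known.items() if m not in seen),
        # No accountable owner assigned.
        "no_owner": sorted(a.asset_id for a in inventory if not a.owner),
    }


# Constructed sample data (hypothetical asset IDs, serials, and addresses).
INVENTORY = [
    Asset("AST-0001", "SN1001", "00-1A-2B-3C-4D-01", "HQ-2F", "finance"),
    Asset("AST-0002", "SN1002", "00:1a:2b:3c:4d:02", "HQ-DC", None),
    Asset("AST-0003", "SN1003", "00:1A:2B:3C:4D:03", "Branch-1", "it-ops"),
]
DISCOVERED = [
    {"ip": "10.0.0.11", "mac": "00:1A:2B:3C:4D:01"},
    {"ip": "10.0.0.12", "mac": "00:1a:2b:3c:4d:02"},
    {"ip": "10.0.0.99", "mac": "de:ad:be:ef:00:01"},
]

if __name__ == "__main__":
    for finding, items in reconcile(INVENTORY, DISCOVERED).items():
        print(finding, items)
```

Each of the three findings maps to a follow-up action: investigate the unknown device, locate or retire the unseen asset, and assign an owner to the unowned record.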

Data Backups

Backups play an essential role in asset protection by ensuring the availability and integrity of an organization’s critical data and systems. By creating copies of important information and storing them securely in separate locations, backups are a safety net in case of hardware failure, data corruption, or cyberattacks such as ransomware. Regularly testing and verifying backup data is crucial to ensuring the reliability of the recovery process.

In an enterprise setting, simple backup techniques often prove insufficient to address large organizations’ unique challenges and requirements. Scalability becomes a critical concern when vast amounts of data need to be managed efficiently. Simple backup methods may struggle to accommodate growth in data size and complexity. Performance issues caused by simple backup techniques can disrupt business operations because they slow down applications while running and typically have lengthy recovery times. Additionally, enterprises demand greater granularity and customization to target specific applications, databases, or data subsets, which simple techniques often fail to provide. Compliance and security requirements necessitate advanced features such as data encryption, access control, and audit trails that simplistic approaches typically lack. Moreover, robust disaster recovery plans and centralized management are essential components of an enterprise backup strategy. Simple backup techniques might not support advanced features like off-site replication, automated failover, or streamlined management of the diverse systems and geographic locations that comprise a modern organization’s information technology environment.

Critical capabilities for enterprise backup solutions typically include the following features:

• Support for various environments (virtual, physical, and cloud)

• Data deduplication and compression to optimize storage space

• Instant recovery and replication for quick failover

• Ransomware protection and encryption for data security

• Granular restore options for individual files, folders, or applications

• Reporting, monitoring, and alerting tools for effective management

• Integration with popular virtualization platforms, cloud providers, and storage systems

Data deduplication describes a data compression technique that optimizes storage space by identifying and eliminating redundant data. It works by analyzing data blocks within a dataset and comparing them to find identical blocks. Instead of storing multiple copies of the same data, deduplication stores a single copy and creates references or pointers to that copy for all other instances. Deduplication can be performed at different levels, such as file-level, block-level, or byte-level. Deduplication significantly minimizes storage requirements and improves data transfer efficiency, particularly in backup and data replication processes, by reducing the amount of duplicate data stored.
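The block-level case described above can be shown in a short added example (not part of the original text). It assumes fixed 4 KiB blocks and SHA-256 as the block identifier, and the backup data is constructed; restore also re-checks a whole-stream digest, which ties in with the earlier point about verifying backups.

```python
import hashlib

BLOCK_SIZE = 4096  # assumed fixed block size for this illustration


class DedupStore:
    """Block-level deduplicating store: one copy per unique block."""

    def __init__(self, block_size=BLOCK_SIZE):
        self.block_size = block_size
        self.blocks = {}     # SHA-256 digest -> block bytes (stored once)
        self.recipes = {}    # backup name -> (ordered digests, stream digest)
        self.logical_bytes = 0

    def backup(self, name, data):
        refs = []
        for off in range(0, len(data), self.block_size):
            block = data[off:off + self.block_size]
            digest = hashlib.sha256(block).hexdigest()
            self.blocks.setdefault(digest, block)  # duplicates become references
            refs.append(digest)
        self.recipes[name] = (refs, hashlib.sha256(data).hexdigest())
        self.logical_bytes += len(data)

    def restore(self, name):
        refs, expected = self.recipes[name]
        data = b"".join(self.blocks[d] for d in refs)
        # Verify the reassembled stream before handing it back.
        if hashlib.sha256(data).hexdigest() != expected:
            raise ValueError(f"restore of {name!r} failed integrity check")
        return data

    def stored_bytes(self):
        return sum(len(b) for b in self.blocks.values())

    def ratio(self):
        return self.logical_bytes / self.stored_bytes()


def demo():
    # Constructed sample data: two nightly images that differ in one block.
    monday = b"A" * 4096 + b"B" * 4096 + b"C" * 4096
    tuesday = b"A" * 4096 + b"X" * 4096 + b"C" * 4096
    store = DedupStore()
    store.backup("monday", monday)
    store.backup("tuesday", tuesday)
    return store


if __name__ == "__main__":
    s = demo()
    print(len(s.blocks), s.stored_bytes(), s.ratio())
```

Because every backup that shares a block points at the same stored copy, damage to one block affects all of them, which is why the restore path verifies the result instead of trusting the references.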

Backup Frequency

Many dynamics influence data backup frequency requirements, including data volatility, regulatory requirements, system performance, architecture capabilities, and operational needs. Organizations with highly dynamic data or stringent regulatory mandates may opt for more frequent backups to minimize the risk of data loss and ensure compliance. Conversely, businesses with relatively stable data or less stringent regulatory oversight might choose less frequent backups, balancing data protection, data backup costs, and maintenance overhead. Ultimately, the optimal backup frequency is determined by carefully assessing an organization’s regulatory requirements, unique needs, risk tolerance, and resources.

On-Site and Off-Site Backups

The need for on-site and off-site backups must be balanced, as they are crucial in securing critical data and ensuring business continuity. On-site backups involve storing data locally (in the same location as the protected systems) on devices such as hard drives or tapes to provide rapid access and recovery in case of data loss, corruption, or system failures. On the other hand, off-site backups involve transferring data to a remote location to ensure protection against natural disasters, theft, and other physical threats to local infrastructure, as well as catastrophic system loss that can result from ransomware infection, for example.

Ransomware poses a significant threat to businesses and organizations by encrypting vital data and demanding a ransom for its release. In many cases, ransomware attacks also target backup infrastructure, hindering recovery efforts and further exacerbating the attack's impact. Perpetrators often employ advanced techniques to infiltrate and compromise both primary and backup systems, rendering them useless when needed. Organizations can implement several strategies to defend against this risk, such as maintaining air-gapped backups physically disconnected from the network, thereby actively preventing ransomware from accessing and encrypting them.