Lesson 9-Asset and Security Management

1
Lesson 9-Asset and Security Management
2
Overview

• Asset management.
• Tracking assets.
• Asset management and the help desk.
• Threats to computer security.
• Security processes.
• Additional security measures.

3
Asset Management

• IT asset management (ITAM) is the process of
  tracking information about technology assets
  throughout the entire asset life cycle.
• It provides IT organizations with the information
  to effectively manage and leverage assets.

4
Asset Management

• Proper asset management leads to increased
  productivity and reduced cost of ownership.
• Common information technology assets include
  hardware, software, proprietary data, manuals,
  guides, printouts, warranties, etc.

5
Asset Management

• Challenges of IT asset management
• Organizations must know the assets they possess,
  their value, and their physical location.
• It is essential to record detailed information
  for each asset.
• IT assets are complex and difficult to manage.
• Technology assets are mobile, making them
  difficult to track.

6
Asset Management

• Effective asset management is beneficial for
• Help desk personnel and facilities manager.
• Service and network managers.
• Account analysts.
• Purchase and finance managers.
• System, software, and IT managers.

7
Tracking Assets

• Asset tracking tools, also called auto-discovery
  tools, are software applications that gather data
  about technology assets via a network.
• The information collected is exported into a
  centralized database.

8
Tracking Assets

• The asset tracking database should include the
  following information
• User contact information.
• Hardware and system software configuration.
• Serial numbers and warranty information.
• Network wall jack and port numbers.

9
Tracking Assets

• The asset tracking database should include the
  following information (continued)
• Physical location.
• Asset identification tag numbers.
• Troubleshooting and service histories.

10
Asset Management and the Help Desk

• Integrating an asset management system with
  existing help desk systems result in increased
  productivity, financial savings, and user
  satisfaction.
• Integration is also beneficial in controlling the
  costs and usage of assets over their life span.

11
Asset Management and the Help Desk

• An effective asset management program provides
  the help desk with the following benefits
• Basic information about the hardware and software
  configuration is available in the asset-tracking
  database.
• The information received from the asset database
  is reliable and consistent, enabling an analyst
  to diagnose a problem correctly.

12
Asset Management and the Help Desk

• An effective asset management program provides
  the help desk with the following benefits
  (continued)
• An asset-tracking program enables organizations
  to prevent potential problems from developing
  throughout the company.
• An asset database also serves as a powerful
  diagnostic tool for the help desk.

13
Asset Management and the Help Desk

• An effective asset management program provides
  the help desk with the following benefits
  (continued)
• An asset tracking system can detect unauthorized
  software on a users PC.
• The total cost of ownership can be determined by
  incorporating information about trouble ticket
  and service request costs.

14
Asset Management and the Help Desk

• An effective asset management program provides
  the help desk with the following benefits
  (continued)
• The ability to track assets is crucial when a
  company is undergoing change.
• Companies keep track of the maintenance and
  support contracts and warranties entered into
  with outside vendors.

15
Threats to Computer Security

• Computer security is the process of planning,
  implementing, and verifying the protection of
  computer-related assets from threats.
• Sources of threats include natural disasters,
  utility outages, hackers, viruses, bugs, etc.
• Security can be established through passwords,
  ?le protection, encryption, and log files.

16
Threats to Computer Security

• Physical security.
• Network security.

17
Physical Security

• Physical security is a vital part of any security
  plan and is fundamental to all security efforts.
• It refers to protection against theft, vandalism,
  natural disasters, manmade catastrophes, and
  accidental damages.

18
Network Security

• Network security involves the protection and
  preservation of resources and information on a
  network.
• A server is a powerful computer that acts as an
  intermediary between PCs on a network.

19
Network Security

• The server provides a large volume of disk
  storage for shared information, and also controls
  access to data through the use of access
  controls.
• It is essential to log on to the server with a
  user ID and password to initiate a session on the
  network.

20
Network Security

• Routers, firewalls, and proxy servers.
• Passwords and cryptography.
• Antivirus software.

21
Routers, Firewalls, and Proxy Servers

• A router is a device that links a local network
  to a remote network.
• It determines the best route for data to travel
  across the network.

22
Routers, Firewalls, and Proxy Servers

• Firewall is a security device that examines
  traffic entering and leaving a network.
• It determines whether to forward a data packet
  towards its destination.

23
Routers, Firewalls, and Proxy Servers

• Packet filtering is a process in which a ?rewall
  filters information traveling into or out of the
  network.
• A firewall prevents unauthorized entry into the
  network and also prevents unauthorized data from
  exiting the network.

24
Routers, Firewalls, and Proxy Servers

• Proxy server is a software application that acts
  as an intermediary between applications and
  servers.
• Proxy servers help control network traffic.

25
Routers, Firewalls, and Proxy Servers
The flow of information in a secured network
26
Passwords and Cryptography

• Passwords prevent unauthorized users from gaining
  access to information on a computer or a network,
  and are easy to implement.
• Cryptography is the protection of sensitive
  information by transforming it into an unreadable
  format.
• The act of encoding the contents of a message is
  known as encryption.

27
Antivirus Software

• Antivirus software scans a system for known
  viruses.
• It attempts to remove the virus from the system
  and fix problems that the virus creates.
• Antivirus tools, however, cannot detect and
  eliminate all viruses.

28
Security Processes

• Identifying assets.
• Assessing security needs and risks.
• Preparing for security violations.
• Monitoring networks.
• Responding to incidents.

29
Identifying Assets

• Assets must be identi?ed before they are
  protected.
• Asset discovery is commonly performed as part of
  the asset management plan.

30
Assessing Security Needs and Risks

• Risk assessment takes into account the potential
  consequences of a security incident.
• Key areas to be addressed are physical, exterior,
  building, and data security, computer/data
  center, secured disposal site, password, data
  classi?cation and access privileges, and social
  engineering.

31
Preparing for Security Violations

• A security policy should be developed for
  building a secure computing environment.
• The policy must state its purpose, identify its
  scope, de?ne terms, and declare the rights of
  users.

32
Preparing for Security Violations

• The security policy must also delegate
  responsibility and action, reference related
  documents, and change to meet most criteria.
• It must be easily understandable and recognized
  as an authoritative document.

33
Monitoring Networks

• An intrusion detection system (IDS) inspects all
  inbound and outbound network activity to identify
  suspicious patterns that may indicate an attack.
• A sniffer is a type of IDS that intercepts and
  analyzes data packets being transmitted over a
  network.

34
Responding to Incidents

• The way in which organizations respond to
  computer security incidents are known as its
  incident handling capability.
• Effective incident handling capability requires
  the ability to quickly and efficiently react to
  disruptions in the normal course of events.

35
Responding to Incidents

• Incidents reported in a convenient and
  straightforward fashion is referred to as
  centralized reporting.
• A response to an incident depends on timely
  reporting.
• Incident handling capability also assists an
  organization in preventing damage from future
  accidents.

36
Additional Security Measures

• Backups
• Backup refers to the copying of ?les to another
  medium, ensuring availability of critical data in
  the event of data loss.
• The use of backups as a security measure requires
  careful planning.
• The most common backup methods are full,
  incremental, differential, daily copy, and copy
  backup.

37
Additional Security Measures

• User awareness and education
• Training and awareness programs enhance a users
  knowledge of how to prevent, recognize, and
  report incidents.
• Users should be informed about the organizations
  policies and the roles and responsibilities of
  various organizational units.

38
Additional Security Measures

• User awareness and education (continued)
• A set of guidelines stating what is expected of
  the users must be presented to them. These
  guidelines are called acceptable use policy.
• Security training makes users aware of their
  security responsibilities and promotes individual
  accountability.

39
Additional Security Measures

• Disaster recovery
• A disaster recovery plan details activities and
  preparations to minimize loss and ensure
  continuity of critical business functions.
• The plan addresses events such as natural
  disasters, terrorist acts, power disruptions, etc.

40
Additional Security Measures

• Disaster recovery (continued)
• Most disaster recovery plans specify that data
  and servers are maintained at a physical location
  separate from the companys main facility, known
  as a recovery site.
• The types of recovery sites are hot site, cold
  site, and off-site data storage.

41
Additional Security Measures

• Disaster recovery (continued)
• The steps involved in recovery process include
  responding, restoring infrastructure and data,
  returning to normal operations, and evaluating
  the recovery plan.
• The help desk plays a pivotal role in a companys
  recovery efforts.

42
Summary

• The ability to manage information technology
  assets effectively has become a critical business
  capability.
• Information about technology assets can be
  gathered using asset-tracking tools.
• An asset management system can be integrated with
  the help desk system to increase productivity,
  financial savings, and increased user
  satisfaction.

43
Summary

• Computer security includes the protection of
  programs and data in addition to hardware.
• Backups, user education, and disaster recovery
  plans are also security measures.