Please enable JavaScript.
Coggle requires JavaScript to display documents.
Chapter 7: Identifying Assets and Activities to be Protected - Coggle…
Chapter 7: Identifying Assets and Activities to be Protected
System Access & System Availability—This is an important consideration when users, including personnel and customers, need a system or service.
Direct and indirect revenue - A web server is an example of a service that can provide direct revenue
Failover cluster - provides fault tolerance for a server and ensures that a service provided by a server will continue to run even if a server fails
Productivity - Employees need services to perform their jobs.
System Functions: Manual and Automated
Automated Methods
Value to the customers - The automated methods are often considered valuable to the customers.
Value to the company - Any process that can be automated requires less labor to use, and less labor results in lower costs and higher profits
Ensuring process stays up
Protecting data
Manual Methods
Written records - The guest log is a handwritten log that records when guests check in and check out. Managers use this log to bill the customer.
Knowledge of the process - Employees would know how to create the bill from the available records.
Hardware Assets
Hardware Components
Hardware peripherals
Model Number
Basic input/output system (BIOS) version
Manufacturer
Location
Software Assets
Name of the OS, such as Microsoft Windows 10
Latest service pack installed
Hardware system where the OS installed
Personal Assets
Rotating jobs -
Cross-training - Personnel should be cross-trained in different systems. They will still perform a primary job function, but will occasionally spend time learning about other job functions
Hiring additional personnel - If a critical system is maintained by only one person, hiring additional personnel to help can eliminate the SPOF
Data and Information Assets
Protected by:
Backups - Protect data when it becomes corrupted or accidentally deleted.
Access controls - Protect data from unauthorized disclosure and help protect the confidentiality of data
Categories
Intellectual property
Copyright - includes literary and artistic works, such as books, films, and music, and artistic works, such as paintings and drawings
Industrial Property - Includes industrial designs, trademarks, inventions, and patents
Data warehousing - process of gathering data from different databases
Customer
Address
Phone number
Name
Email address
Historical purchases
Accounts receivable data
Account name and password
Credit card or banking data
Demographic data
Data mining - A group of techniques used to retrieve relevant data from a data warehouse
Organization
Billing and financial data
System configuration data
Employee data
System process data
Vendor data
Asset and Inventory Management within the Seven Domains of a Typical IT Infrastructure
LAN-to-WAN Domain
Hardware information
Configuration data
WAN Domain
Hardware information
Update information
LAN Domain
Elements to connect systems and servers together
Workstation Domain
Theft
Updates
Remote Access Domain
PBX Equipment
Modems
User Domain
Salary and bonus data
Employee reviews
Health care choices
Personal and contact
System/Application Domain
Database server
Web server
Email server
Networking service server
Hardware inforation
Update information
Inventory Management - Used to manage hardware inventories, which includes only the basic data, such as model and serial numbers. It shows what assets are on hand
Business Impact Analysis Planning - identifies the impact of a sudden loss of business functions
Defining scope
Identifying objectives
Mapping business functions and processes to IT systems
Identifying mission-critical business functions and processes
Disaster Recovery Plan - details needed to recover a system from a disaster and provides the details necessary to respond immediately to a disaster
BCP - overall plan used for emergency response
DRP - key component of BCP
Business Continuity Planning - a document used to help a company plan for a disaster or an emergency
Following steps to be taken for BCP:
Identifying critical functions
Identifying dependencies between key business areas and critical functions
Identifying key business areas
Determining acceptable downtime
Identifying the scope
Creating a plan to maintain operations
Notification/activation phase - Assessment teams are activated to respond to the emergency
Recovery phase - Damage is assessed
Reconstitution phase - organization returns to normal operations
Business Liability Insurance Planning
Professional - Insurance protects the company if an employee provides faulty or inaccurate advice
Product - type of insurance protects the company if a customer becomes injured because of using its product
General - Most organization will purchase general insurance