Presentation is loading. Please wait.

Presentation is loading. Please wait.

Asset & Security Management Chapter 9. IT Asset Management (ITAM) Is the process of tracking information about technology assets through the entire asset.

Published byAshley Short Modified over 9 years ago

Similar presentations

Presentation on theme: "Asset & Security Management Chapter 9. IT Asset Management (ITAM) Is the process of tracking information about technology assets through the entire asset."— Presentation transcript:

1 Asset & Security Management Chapter 9

2 IT Asset Management (ITAM) Is the process of tracking information about technology assets through the entire asset life cycle, from initial ordering or purchase to retirement and disposal. Asset management provides IT department with the information to efficiently manage and leverage assets for increased productivity and reduced cost of ownership.

3 Assets include… Hardware Software Proprietary data Backups and archives Manuals, guides and books Printouts Audit records Distribution media for licensed software Warranties and maintenance records.

4 Organisational benefits… Helpdesk can view configurations, service history & track problems Facilities manager know where the assets are located Service manager has easy access to warranty and maintenance records Network manager sees network configuration in detail Accounting has value of assets & tracks technology investment

5 Organisational benefits… Purchasing manager views costs and orders across the organisation Financial manager can view the entire inventory and determine how to get the best return on technology investment System manager can see lease and maintenance status and can efficiently plan upgrades Software manager can view licensing information IT manager can discover ways of optimising IT resources across the organisation

6 Challenges… Constant change Non-standard environment Mobile devices

7 Collecting information… First step is to compile an inventory of all technology assets – Auto discovery tools gather data about technology assets via the network

8 Asset tracking information – User contact information – Hardware configuration – System software configuration – Serial number – Warranty information – Network wall jack and port numbers – Physical location – Asset identification tag umbers – Troubleshooting and service histories

9 Helpdesk benefit Availability of configuration Information Accuracy of information Prevention of widespread problems Remote diagnosis of problems Detection of unauthorised software Tracking of software usage Determination of Total cost of ownership Implementation of Change Requests Tracking of warranty and maintenance information

10 Question Is an asset management system a replacement for an existing helpdesk information system?

11 Computer Security

12 Is the process of planning, implementing and verifying the protection of an organisation's computer-related assets from internal and external threats.

13 Measures Passwords, locks, file protections and encryption to keep intruders out Log files and system alerts to warn of unauthorised entry Backups, uninterruptable power supplies and mirrored disk images to repair or replace items after damage Security policies to handle violations that do occur

14 Physical security Protection of building sites & equipment from theft, vandalism, natural disasters, manmade catastrophes and accidental damage.

15 Security Threats Natural disaster Utility outage Hackers Viruses Theft of assets Political terrorism Subversive employees or contractors System configuration changes Bugs in software

16 Security Process Stages 1.Identifying assets 2.Assessing risk 3.Preparing 4.Monitoring 5.Responding

17 1. Identifying Assets Before assets can be protected, they must be identified.

18 2. Assessing security needs & risks Determine the risk level of the organisations technology assets – Physical security – Computer/data centre – Data security – Data classification – Data access privileges – Social engineering

19 3. Preparing for Security Violations A well written, comprehensive security policy is the foundation for a secure computing environment. Must state – Purpose – Scope – Terms – Rights of users – Delegate responsibilities & action – Reference related documents

20 Example Information Security Policy http://www.it.ox.ac.uk/policies-and- guidelines/information-security-policy http://www.it.ox.ac.uk/policies-and- guidelines/information-security-policy

21 4. Monitoring An intrusion detection system (IDS) e.g., a sniffer, inspects all inbound & outbound network activity & identifies suspicious activity

22 5. Responding to Incidents Incidents will occur Incident handling demands the ability to quickly and efficiently react to disruptions There should be a written procedure to be followed in the event of a violation or attack A disaster recovery plan must be in place and practiced

23 Backups The activity of copying files to another medium so that they will be preserved in case the originals are no longer available.

24 Backup Methods Full backup – All files are backed up. Most complete and most time consuming. Incremental – Only files that have changed since the last backup are backed up. Least time consuming to backup but most time consuming to restore. Differential – Only files that have changed since the last full backup are backed up. Daily copy – Only files that were changed on that day are backed up Copy – Backing up of only selected files.

Download ppt "Asset & Security Management Chapter 9. IT Asset Management (ITAM) Is the process of tracking information about technology assets through the entire asset."

Similar presentations

Chapter 1 - 1 ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.

Chapter ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.
POSSIBLE THREATS TO DATA

POSSIBLE THREATS TO DATA
Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.

Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
Crime and Security in the Networked Economy Part 4.

Crime and Security in the Networked Economy Part 4.
Security: Playing in Safe By: Matt Hill Identification and Access Identification and Access | When Disaster Strikes | Disaster Recovery Plan | Software.

Security: Playing in Safe By: Matt Hill Identification and Access Identification and Access | When Disaster Strikes | Disaster Recovery Plan | Software.
The Islamic University of Gaza

The Islamic University of Gaza
Security Controls – What Works

Security Controls – What Works
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Pertemuan 20 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Pertemuan 20 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Concepts of Database Management Seventh Edition

Concepts of Database Management Seventh Edition
Factors to be taken into account when designing ICT Security Policies

Factors to be taken into account when designing ICT Security Policies
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
®® Microsoft Windows 7 for Power Users Tutorial 10 Backing Up and Restoring Files.

®® Microsoft Windows 7 for Power Users Tutorial 10 Backing Up and Restoring Files.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Similar presentations

Ads by Google