Identifying Assets and

Activities to Be Protected
 Objectives

• Identifying the importance of system access and availability

• Differentiating between manual and automated system
functions
• Identifying hardware, software, and personnel assets that
need to be protected
• Identifying data and information assets
• Identifying asset and inventory management related to the
seven domains of a typical IT infrastructure
• Identifying facilities and supplies needed to maintain
business operations
http://fpt.edu.vn 05/20/202 2
4
 System Access and Availability
• Five nines:
– or 99.999 percent up time which equates to about 5.25 minutes of
downtime a year.
• A database server service protected with a two-node
failover cluster
• Single point of failure:
– any part of a system that can cause an entire system to fail, if it fails.
– A hardware Redundant Array of Independent Disks (RAID) is often used to
ensure that data isn’t lost
• The value of the service provided
– Direct and indirect revenue, Productivity

http://fpt.edu.vn 05/20/202 3
4
 System Functions: Manual and Automated
• Manual Methods:
– Written records - The guest log is a handwritten log used by managers to bill
the customer.
– Knowledge of process - Employees would know how to create the bill from the
available records
• Automated Method:
– A hotel may be able to automate many of the processes:
• Value to the customers - These automated methods are often considered
valuable to the customers.
• Value to the company - Any process that can be automated requires less
labor to use.
• Ensuring process stays up – the process is available when the customer
wants to access it.
• Protection of data – maintaining large databases.
http://fpt.edu.vn 05/20/202 4
4
 Hardware Assets

• The assets you can touch with your hands

– any types of computers (servers or desktop PCs)
– networking devices (routers and switches)
– network appliances (firewalls and spam appliances)
– Some of the other information:
• Location, Manufacturer, Model number
• Hardware components such as processor and random access memory
(RAM)
• Hardware peripherals such as add-on network interface cards (NICs)
• Basic Input/Output System (BIOS) version

http://fpt.edu.vn 05/20/202 5
4
 Software Assets
• Software assets include the operating system and applications
– OS (Microsoft Windows, Mac OS, and Red Hat Linux):
• OS specifics should include:
– Hardware system where it’s installed
– Name of the operating system, such as Microsoft Windows 7
– Latest service pack installed
– the applications perform specific functions or tasks (Microsoft Word or Adobe
Reader):
• the specifics of installed applications should include:
– Name of the application, such as Microsoft Windows Office Professional
– Version number
– Service pack or update information if it is available

http://fpt.edu.vn 05/20/202 6
4
 Personnel Assets

• Personnel assets are the people you have working for you
• Single person - Single point of failure
– Reducing this risk by taking different measures:
• Hiring additional personnel
• Cross training - ensuring that personnel are cross trained in different
systems.
• Job rotation - rotating personnel into different jobs on a regular basis,
such as once a year, also helping them build skills in different
technologies.
– Job rotation also helps an organization discover dangerous
shortcuts or fraudulent activities.

http://fpt.edu.vn 05/20/202 7
4
 Data and Information Assets

• Data is protected in two ways:

– Access controls and Backups
• Data and information assets Categories:
– Organization
– Customer
– Intellectual Property (IP)
– Data Warehousing and Data Mining

http://fpt.edu.vn 05/20/202 8
4
 Organizational Data and Information Assets

• Any internally used data:

– Employee data
– Billing and financial data
– System configuration data
– System process data
– Vendor data
• In compliance with HIPAA, SOX
– Many laws mandate the protection of different types of data - health-
related data, financial data

http://fpt.edu.vn 05/20/202 9
4
 Customer Data and Information Assets

• Data the company holds on customers:

– Name, Address, Phone numbers
– E-mail address
– Historical purchases
– Accounts receivable data
– Credit card or banking data
– Account name and password
– Demographic data, such as age and gender
• The more data the company stores, the more valuable that
collection of data becomes.

http://fpt.edu.vn 05/20/202 10
4
 Intellectual Property (IP) Data
and Information Assets
• Data created by a person or an organization
– inventions, literary and artistic works, symbols, names, and images
• The World Intellectual Property Organization (WIPO)
divides IP into
– Industrial property - industrial designs, trademarks
– Copyright - literary and artistic works, such as books, films, music,
paintings, drawings.
• Organizations can have either or both categories of IP
– Both national and international laws protect IP.
• Need to protect IP - the level of protection depends on the
value of the IP.
http://fpt.edu.vn 05/20/202 11
4
 Data Warehouse and Data Mining Assets
• Data warehousing and data mining techniques combine to
retrieve meaningful data from very large databases (VLDBs)
– Data warehousing - the process of gathering data from different databases
– Data mining - a group of techniques used to retrieve relevant data from a
data warehouse
• Data mining is a part of an overall business intelligence (BI) solution.
• Most databases are optimized as online transactional
processing (OLTP) databases
• Methods to protect the source databases and the data
warehouse
– Having effective backup strategies is most important
– Developers create the ETL (Extract, Transform, and Load) processes using
scripts or tools to identify the steps in the backup strategy
http://fpt.edu.vn 05/20/202 12
4
 Asset and Inventory Management Within the
Seven Domains of a Typical IT Infrastructure
• Inventory management
– used to manage hardware inventories, including only the basic data, such
as model and serial numbers.
• Asset management
– used to manage all types of assets, including much more detailed data
than an inventory management system includes.
• Two basic questions for each of the seven domains
– Are the assets valuable to the organization?
– Are they included in any type of inventory or asset management system?

http://fpt.edu.vn 05/20/202 13
4
 Asset and Inventory Management Within the
Seven Domains of a Typical IT Infrastructure
• User Domain
– Personal and contact data
– Employee reviews
– Salary and bonus data
– Health care choices
• Workstation Domain
– Two risks to address: Theft and Updates
• LAN Domain
– all the elements used to connect systems and servers together, including hubs, switches,
routers, firmware and built-in operating system (OS)
– the basics such as model, serial number, location and configuration data for these devices
in an asset management system.
• WAN Domain
– Two inventory and asset management information for WAN-based servers: Hardware and
http://fpt.edu.vn 05/20/202 14
update information 4
 Asset and Inventory Management Within the
Seven Domains of a Typical IT Infrastructure
• LAN-to-WAN Domain
– Firewalls - a single firewall separating the LAN from the WAN and multiple firewalls to create a
demilitarized zone (DMZ) or a buffer area.
– Two types of information in an asset management system: Hardware information and Configuration
data.
• Remote Access Domain
– Remote access technologies give users access to an internal network via direct dial-up or virtual
private network (VPN)
– Inventory and asset management information: similar to those in the WAN Domain + the dial-up
equipment:
• Modems and Phone branch exchange (PBX) equipment
• System/Application Domain
– Different types of application servers: e-mail, database (Oracle or Microsoft SQL), web and
networking service, including Domain Name System (DNS) and Dynamic Host Configuration
Protocol (DHCP) servers
– Inventory and asset management systems - information on any servers in the System/Application
Domain: Hardware and update information
http://fpt.edu.vn 05/20/202 15
4
 Identifying Facilities and Supplies Needed to
Maintain Business Operations
• Mission-critical systems and applications identification
• Business impact analysis (BIA) planning
• Business continuity planning (BCP)

http://fpt.edu.vn 05/20/202 16
4
 Identifying Facilities and Supplies Needed to
Maintain Business Operations
• Disaster recovery planning (DRP)
• Business liability insurance planning
• Asset replacement insurance planning

http://fpt.edu.vn 05/20/202 17
4