Asset Management - CompTIA Security+ SY0-701 - 4.2
Purchasing Process and Asset Management
Overview of the Purchasing Process
- Every organization has a formal process for acquiring goods and services, which typically requires multiple approvals from various departments.
- The purchasing process begins when an end user identifies a need for software or hardware and works with the IT and purchasing departments to assess budgetary constraints.
- Negotiations with suppliers are essential to secure favorable pricing, licensing terms, and contract details before finalizing purchases.
Invoice Processing and Asset Tracking
- After negotiations, the supplier delivers the goods or services and then sends an invoice, which may require immediate payment or allow a specified payment period (e.g., 30 or 60 days).
- Tangible products are recorded in an asset tracking system to manage their lifecycle; ownership is assigned to individuals who receive these assets.
Types of Assets and Tax Implications
- The asset tracking system categorizes devices as hardware or software, impacting tax liabilities—hardware is capital expenditure subject to depreciation while software is treated as an operating expense.
- This system aids in inventory management, allowing organizations to track all devices on their network effectively.
Help Desk Integration and Device Enumeration
- The asset tracking system supports help desk operations by linking users with specific tickets, providing detailed device information for technicians.
- Devices can be enumerated into individual components (e.g., CPU, memory), enhancing understanding of each device's makeup.
Security Features and Data Sanitization
- Physical asset tags can enhance security by associating unique identifiers with devices; this helps prevent loss or theft.
- Data sanitization is crucial when devices are reused. Depending on the future use (recycling vs. internal reuse), different methods of data deletion are employed.
Methods for Secure Data Deletion
- For complete disposal of storage drives, physical destruction methods like shredding or drilling holes ensure data cannot be recovered.
Data Destruction and Retention Strategies
Methods of Data Destruction
- Degaussing is a method that uses a strong electromagnetic field to erase all data on a hard drive, which also renders the drive unusable.
- Organizations with large quantities of devices may opt for third-party services specializing in drive destruction due to time constraints.
- Third parties must not only destroy the drives but also provide a certificate of destruction as proof that the data is irretrievable.
- A certificate of destruction confirms that all drives given to the service provider have been completely destroyed, ensuring data security.
Importance of Data Retention
- Organizations often need to retain data for compliance with regulations, which may include keeping emails or financial records for specified durations.
- Policies and procedures regarding data retention are crucial, especially for organizations mandated by law to maintain certain types of data.