Hardware Maintenance Program

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
7 hours 15 minutes
Difficulty
Intermediate
CEU/CPE
8
Video Transcription
00:00
>> Hi there, welcome to
00:00
our next lesson, Hardware Maintenance.
00:00
Now in this lesson, we'll cover
00:00
aspects of the maintenance program,
00:00
some of the common procedures and
00:00
artifacts that you'll find in this type of program.
00:00
The types of audit reviews and
00:00
activities that you as an auditor may
00:00
undertake with this thing and
00:00
asset management inventory aspects.
00:00
Let's begin. Hardware maintenance program.
00:00
Hardware, basically, as you would expect,
00:00
needs to be routinely cleaned in service.
00:00
Now, depending upon the type of
00:00
hardware or these requirements will vary.
00:00
But the key thing here from
00:00
a business perspective is that you need to schedule this.
00:00
Scheduling is very important to ensure that we have
00:00
appropriate uptime and you have
00:00
the systems available when they need to be available.
00:00
A couple of aspects of
00:00
the information needs to be maintained in this program.
00:00
Service company information,
00:00
so who is actually servicing it?
00:00
The actual schedule of maintenance information.
00:00
How often does this hardware need to
00:00
be maintained and the cost information as well,
00:00
as well as the performance history?
00:00
It's very important to determine
00:00
exactly how well the maintenance schedule
00:00
is working by keeping records
00:00
of planned or unplanned outages, for example.
00:00
A couple of common procedures and artifacts that you'll
00:00
encounter with this type of activity.
00:00
Availability reports.
00:00
Essentially your report detailing how
00:00
often systems are up and how often they're down.
00:00
Any hardware error reports.
00:00
Anything that's actually going
00:00
wrong and any investigation around that.
00:00
Just general asset management reports.
00:00
Just reporting based on
00:00
the actual maintenance of the asset itself.
00:00
Now, from an auditor's perspective,
00:00
you need to be looking at a couple of actual items here.
00:00
You'll be looking at reviewing
00:00
the hardware acquisition plan
00:00
and also contrasting that with the actual acquisition.
00:00
Just because it's planned doesn't
00:00
actually mean that it's taken place and
00:00
it hasn't actually been purchased and it needs to
00:00
be some investigation or
00:00
at the very least an understanding
00:00
of exactly why that took place.
00:00
IT Asset Management.
00:00
We need to have very basic asset inventory,
00:00
for example, capacity management and monitoring.
00:00
Very important with hardware is to
00:00
determine whether it is still suitable
00:00
and capable of managing
00:00
the load that the business is putting
00:00
under a preventative maintenance schedule.
00:00
Things need to be repaired and
00:00
serviced and maintained on a regular basis.
00:00
Again, with the hardware availability
00:00
and utilization reports.
00:00
To determining as to exactly how well
00:00
the systems are running and how well
00:00
they're being used and contrasting that with
00:00
the actual other artifacts such as
00:00
hardware acquisition plan and
00:00
the capacity management and monitoring,
00:00
and also any of the log.
00:00
When stuff goes wrong,
00:00
it needs to be recorded and then
00:00
fed into this process as well.
00:00
In terms of the IT Asset Management Register
00:00
or Inventory,
00:00
a couple of details need to be included.
00:00
Obviously, who owns this particular asset?
00:00
The designated custodian,
00:00
which may very well be the owner,
00:00
or it could be some delegate
00:00
within your organizational training command,
00:00
the specific identification of the assets.
00:00
How is it identified on the system or asset number
00:00
or anything that can very
00:00
specifically determine that this is the actual asset,
00:00
relative value to the organization?
00:00
In terms of how much it cost,
00:00
how much costs to maintain those details.
00:00
The loss implications and recovery priorities.
00:00
This is to be fed directly
00:00
into disaster recovery and business continuity,
00:00
which we'll be covering a little bit
00:00
later in this particular module.
00:00
Location, so exactly where it
00:00
is and the security risk classification.
00:00
How important is this asset?
00:00
Is it containing lots of
00:00
business confidential information, etc?
00:00
And just the general asset group it belongs to.
00:00
A couple of additional points to know.
00:00
Purchasing records, so I'll probably key to
00:00
any asset management plan or a hardware maintenance plan,
00:00
any inventory software tools.
00:00
Particularly for very large organizations which may
00:00
spread over multiple sites or even multiple countries.
00:00
Managing inventory via software
00:00
is probably key and essential,
00:00
particularly if you can't.
00:00
If it's impossible for anyone person or
00:00
one team to physically site and examine all assets.
00:00
A key to security strategy.
00:00
Assets need to be very much in line with
00:00
whatever security strategy
00:00
the organization has put together.
00:00
If something is purchased for
00:00
the organization and it helps to run the organization,
00:00
then it also needs to be secured.
00:00
Also bear in mind that software
00:00
and hardware are both assets.
00:00
While we may think of physical service as
00:00
hardware and assets to be tracked,
00:00
software can very much be in
00:00
the same boat as hardware assets.
00:00
That's the end of our lesson. We've talked
00:00
a little bit about the maintenance program,
00:00
some of the common procedures and
00:00
artifacts that you'll encounter,
00:00
what you need to do as
00:00
an auditor and some of the review activities that
00:00
you'll be involved and
00:00
the asset management inventory process.
00:00
I hope you enjoyed our lesson
00:00
and I will see you in the next one.
Up Next