4.2 - CompTIA Security+

Acquisition/procurement process

  • Acquisition/procurement process: Workflow/process for organizations to acquire software/hardware products. Involves evaluating potential vendors thoroughly, assessing their security practices, and ensuring compliance with relevant regulations.

Assignment/accounting

  • Assignment/accounting: In asset management, processes that ensure each physical and data asset has an identified owner and is appropriately tagged and classified within an inventory.

Ownership

  • Ownership: Each asset should have a designated owner responsible for its maintenance and security and for ensuring compliance with relevant policies.

Classification

  • Classification: Assets must be categorized based on their sensitivity and importance to the organization, which helps in determining the appropriate level of security measures required to protect them.

Monitoring/asset tracking

Inventory

  • Inventory: A list of items that outlines the physical/digital assets owned by an organization.

Enumeration

  • Enumeration:

Disposal/decommissioning

Sanitization

  • Sanitization: Removal of any sensitive data stored on corporate drives.

Destruction

  • Destruction: The complete obliteration of data from storage devices in order to prevent unauthorized access. This process ensures that data cannot be recovered or reconstructed by any method.

Certification

  • Certificate of destruction: A certificate confirming that all of the drives you have given to a third party have been completely destroyed, so you know that all of that data is no longer accessible.

Data retention

  • Data retention: The practice of managing and storing data in accordance with organizational policies and legal requirements, ensuring that information is kept for a specified period before being securely disposed of.