Page 1143 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Securely Provisioning Resources
Another element of the security operations domain is provisioning and
managing resources throughout their lifecycle. Chapter 13, “Managing
Identity and Authentication,” covers provisioning and deprovisioning
for user accounts as part of the identity and access provisioning
lifecycle. This section focuses on the provisioning and management of
other asset types such as hardware, software, physical, virtual, and
cloud-based assets.
Organizations apply various resource protection techniques to ensure
that resources are securely provisioned and managed. As an example,
desktop computers are often deployed using imaging techniques to
ensure that they start in a known secure state. Change management
and patch management techniques ensure that the systems are kept
up-to-date with required changes. The techniques vary depending on
the resource and are described in the following sections.
Managing Hardware and Software Assets
Within this context, hardware refers to IT resources such as
computers, servers, routers, switches, and peripherals. Software
includes the operating systems and applications. Organizations often
perform routine inventories to track their hardware and software.
Hardware Inventories
Many organizations use databases and inventory applications to
perform inventories and track hardware assets through the entire
equipment lifecycle. For example, bar-code systems are available that
can print bar codes to place on equipment. The bar-code database
includes relevant details on the hardware, such as the model, serial
number, and location. When the hardware is purchased, it is
bar-coded before it is deployed. On a regular basis, personnel scan all of
the bar codes with a bar-code reader to verify that the organization
still controls the hardware.
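
The periodic scan described above can be reconciled against the bar-code database as in the following added example, which is not from the study guide. The CSV layout, the column names other than model, serial, and location, and all sample values are constructed assumptions.

```python
"""Reconcile one bar-code scan pass against the hardware inventory database."""
import csv
import io

# Constructed sample data: an export of the bar-code database (model, serial
# number and location, as named in the text) and one pass with a hand-held reader.
INVENTORY_CSV = """barcode,model,serial,location
HW-0001,Laptop-A,SN1001,HQ-Floor2
HW-0002,Laptop-A,SN1002,HQ-Floor2
HW-0003,Switch-B,SN2001,HQ-ServerRoom
HW-0004,Router-C,SN3001,Branch-1
"""
SCAN_CSV = """barcode,scanned_location
HW-0001,HQ-Floor2
hw-0003,HQ-Floor3
HW-0003,HQ-Floor3
HW-0099,HQ-Floor2
"""

def _norm(code):
    """Normalize a bar code so reader case and whitespace quirks do not hide a match."""
    return code.strip().upper()

def reconcile(inventory_csv, scan_csv):
    """Return missing, relocated and unknown bar codes for one scan pass."""
    inventory = {_norm(r["barcode"]): r for r in csv.DictReader(io.StringIO(inventory_csv))}
    scanned = {}  # duplicate reads collapse; the last location seen wins
    for r in csv.DictReader(io.StringIO(scan_csv)):
        scanned[_norm(r["barcode"])] = r["scanned_location"].strip()
    report = {"missing": [], "relocated": [], "unknown": []}
    for code, asset in inventory.items():
        if code not in scanned:
            # Not seen in this pass: control of the asset cannot be verified.
            report["missing"].append((code, asset["model"], asset["serial"], asset["location"]))
        elif scanned[code] != asset["location"]:
            # Seen, but not where the database says it should be.
            report["relocated"].append((code, asset["location"], scanned[code]))
    # Tags that were read but have no database record.
    report["unknown"] = sorted(set(scanned) - set(inventory))
    return report

if __name__ == "__main__":
    for category, items in reconcile(INVENTORY_CSV, SCAN_CSV).items():
        print(f"{category}: {items}")
```

Missing entries are the ones to investigate first, since they are the assets the organization can no longer show it controls.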
A similar method uses radio frequency identification (RFID) tags,

