Page 1144 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

which can transmit information to RFID readers. Personnel place the RFID tags on the equipment and use the RFID readers to inventory the equipment. RFID tags and readers are more expensive than bar codes and bar-code readers. However, RFID methods significantly reduce the time needed to perform an inventory.

Before disposing of equipment, personnel sanitize it. Sanitizing equipment removes all data to ensure that unauthorized personnel do not gain access to sensitive information. When equipment is at the end of its lifetime, it’s easy for individuals to lose sight of the data that it contains, so using checklists to sanitize the system is often valuable. Checklists can include steps to sanitize hard drives, nonvolatile memory, and removable media such as compact discs (CDs), digital versatile discs (DVDs), and Universal Serial Bus (USB) flash drives within the system. NIST 800-88r1 and Chapter 5 have more information on procedures to sanitize drives.


Portable media holding sensitive data is also managed as an asset. For example, an organization can label portable media with bar codes and use a bar-code inventory system to inventory the media holding sensitive data on a regular basis.


Software Licensing

Organizations pay for software, and license keys are routinely used to activate the software. The activation process often requires contacting a licensing server over the internet to prevent piracy. If license keys are leaked outside the organization, the leak can invalidate the use of those keys within the organization. It’s also important to monitor license compliance to avoid legal issues.

For example, an organization could purchase a license key for five installations of the software product but only install and activate one instance immediately. If the key is stolen and installed on four systems outside the organization, those activations will succeed. When the organization tries to install the application on internal systems, the activation will fail. Any type of license key is therefore highly valuable to an organization and should be protected.