Assignment/accounting (ownership, classification)

3.6 Asset management

📘CompTIA Security+ (SY0-701)

1. Ownership of Assets

Ownership is about knowing who is responsible for an asset in your IT environment.

  • Asset owner: The person or role responsible for the asset. They ensure it is protected, maintained, and used correctly.
  • Custodian: The person or role who manages the asset daily, like IT staff maintaining servers, databases, or devices.
  • User: The person who actually uses the asset but is not responsible for security or maintenance.

Example in IT environments

  • A company server:
    • Owner: IT Manager (responsible for server security, updates, and access control).
    • Custodian: System administrator (performs backups, updates, and troubleshooting).
    • User: Employees who access applications on the server.

Key point for the exam: Ownership defines who is accountable for security. Assets without clear ownership are high-risk, as nobody is directly responsible for them.

2. Accounting of Assets

Accounting is about tracking and recording all assets in the organization. This ensures nothing is lost, misplaced, or unprotected.

What to track

  • Type of asset: Server, laptop, database, software license, cloud resource.
  • Owner and custodian: Who is responsible for it.
  • Location: Physical location or network segment.
  • Value and classification: Sensitivity and criticality to the organization.
  • Status: Active, in repair, or retired.

Tools used

  • Asset inventory databases (CMDB – Configuration Management Database)
  • Spreadsheets or IT asset management software
  • Network discovery tools (to automatically detect assets on the network)

Key point for the exam: Asset accounting ensures visibility. If you don’t know what assets you have, you cannot protect them effectively.

3. Classification of Assets

Classification is about categorizing assets based on sensitivity, importance, or criticality. This helps determine how they should be protected.

Common classifications

  1. Public / Low Sensitivity: Information that can be shared outside the organization.
  2. Internal / Medium Sensitivity: Information for internal staff only (like internal documentation).
  3. Confidential / High Sensitivity: Information that, if leaked, could harm the organization (like source code or financial data).
  4. Critical / Very High Sensitivity: Assets essential to operations, often protected with highest security measures (like customer databases, active production servers).

Why it matters in IT

  • A server hosting a public website has lower security needs than a database storing personal customer information.
  • Classification helps determine encryption, backup frequency, access controls, and monitoring requirements.

Key point for the exam: Classifying assets ensures resources are protected according to their importance.

4. Assignment and Classification Workflow

  1. Identify the asset: Find out what hardware, software, or data exists.
  2. Assign ownership: Decide who is responsible (owner, custodian, user).
  3. Classify the asset: Decide its sensitivity and importance.
  4. Record it: Put it in an asset inventory or CMDB.
  5. Maintain and review: Update when assets change, are moved, or are decommissioned.

Example in IT:

  • A new cloud storage account is created.
    • Owner: Cloud administrator
    • Custodian: IT operations team
    • User: Employees needing access
    • Classification: Confidential (because it stores sensitive data)
    • Inventory: Added to CMDB with all details.

5. Exam Tips / What to Remember

  • Know the difference between owner, custodian, and user.
  • Understand why classification is important (it drives security decisions).
  • Remember that accounting = keeping track of assets, which reduces risk.
  • Be familiar with common IT examples like servers, databases, network devices, software licenses, and cloud resources.

Typical exam scenario:

  • A question might ask: “Who is ultimately responsible for the security of a server?”Answer: Owner
  • Or: “Why is asset classification important?”Answer: It ensures assets are protected according to sensitivity/criticality.

Summary:
Assignment and accounting in asset management mean:

  1. Ownership → Who is responsible
  2. Custody → Who manages it
  3. User → Who uses it
  4. Accounting → Track and record all assets
  5. Classification → Categorize assets by importance and sensitivity

This ensures every IT asset is known, secured, and managed properly, which is a core principle for Security+.

Leave a Reply

Your email address will not be published. Required fields are marked *

Buy Me a Coffee

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by