2.7 Explain the importance of asset management and documentation.
📘CompTIA Server+ (SK0-005)
Sensitive documentation in an IT environment includes any information that, if accessed by the wrong people, could harm the organization. This includes:
- Server and network configurations
- System passwords and encryption keys
- User account information
- Business-critical plans like disaster recovery plans
- Vendor contracts and license keys
Securing these documents is crucial because they are a key target for attackers or internal misuse. If this data is leaked, it could lead to data breaches, downtime, or legal problems.
1. Types of Sensitive Documentation
Here are some examples of sensitive documentation you might store securely:
- Configuration files: Server setups, firewall rules, and network diagrams
- Passwords and credentials: Admin passwords, service accounts, API keys
- Backup and recovery plans: How to restore servers, databases, and critical services
- Audit logs and compliance documents: Records that prove compliance with security policies or regulations
- Software licenses and vendor agreements: Proof of ownership and permitted usage
2. Methods of Secure Storage
There are several ways to store these documents securely in an IT environment:
a) Physical Security
- Keep documents in locked cabinets or safes inside secure server rooms
- Restrict access only to authorized personnel
- Track who accesses these physical documents
b) Digital Security
- Encryption: Store documents in encrypted folders or files so that even if someone steals the file, they cannot read it
- Example: Using BitLocker on Windows servers or LUKS on Linux servers
- Access controls: Limit who can view or modify sensitive files using file permissions and user roles
- Example: Only the system administrator group can access server configuration files
- Secure storage systems: Use secure servers, document management systems, or cloud storage with strong security policies
- Example: A company might store server diagrams in a SharePoint library with restricted permissions
c) Backup Security
- Ensure backups of sensitive documents are also encrypted
- Store backups in a physically secure location, separate from the primary data
d) Version Control and Auditing
- Use document versioning systems to track changes and prevent unauthorized modifications
- Example: Git repositories for scripts or configuration files, with restricted write access
- Maintain audit logs to see who accessed or modified files
3. Best Practices
- Least privilege principle: Only give access to people who need it to do their job
- Regular reviews: Periodically review who has access to sensitive documents
- Secure disposal: When sensitive documents are no longer needed, destroy them properly
- Physical: Shred paper documents
- Digital: Use secure deletion tools to prevent file recovery
- Two-factor authentication (2FA): For digital storage systems, require 2FA to reduce the risk of unauthorized access
4. IT Examples in Practice
- A system admin encrypts the server configuration folder on the network drive and allows only the IT team to access it.
- Disaster recovery plans are stored in a cloud storage solution with encryption, and only senior IT staff can download them.
- API keys for critical applications are stored in a secure password manager like HashiCorp Vault rather than plain text files.
- When an old server is decommissioned, its hard drives containing sensitive logs are securely wiped before disposal.
Key Exam Takeaways
- Sensitive documentation must be protected from unauthorized access.
- Use physical and digital security measures, like locked cabinets and encryption.
- Limit access using permissions and roles.
- Secure backups and track access through auditing.
- Properly dispose of documents that are no longer needed.
