🏠 Back to Exam Syllabus 📺 RooCloud on YouTube 🌐 RooCloud Practice Exams

CISSP 16.3 - Provision Information & Assets Securely

This episode of the ISC2 Certified Information Systems Security Professional (CISSP) exam prep series covers how to track and protect assets across their whole life, a core practice in Domain 7. It looks at who actually owns an asset, what asset management really means, how to inventory hardware, how to manage software as an asset, and how to keep watch over the intangible things you cannot touch.

What this episode covers

Watch the full episode above for the worked examples and detailed explanations of each concept.

Frequently Asked Questions

Who actually owns an asset?

Ownership sits with senior management, not with the technician who touches it daily. The data owner is a senior leader with ultimate responsibility for a set of information, and senior managers likewise own hardware their department runs. Naming the owner names the person on the hook for protecting the asset. Owners then delegate the hands-on work to a data custodian, who handles daily chores like access controls, backups, and storage.

What does asset management really mean?

It means tracking everything of value, whether you can touch it or not, from the day you acquire it to the day you retire it. Tangible assets are physical, like hardware and software the company owns, while intangible assets are abstract but real, like patents, copyrights, and reputation. It usually starts with a good inventory, often an automated configuration system that confirms each machine is still on the network as it checks settings.

How do you inventory hardware?

By tagging and scanning everything through its full life cycle. A common approach is a bar-code system: you tag each device, store its model, serial number, and location in a database, then periodically scan the tags to confirm you still control the gear. Radio-frequency tags do the same job faster and hands-off but cost more. Sanitize each device before disposal using a checklist, and treat portable media holding sensitive data as a tracked asset too.

How do you manage software as an asset?

By guarding your license keys and hunting for anything unauthorized. Software assets are your operating systems and applications, activated with license keys that often phone a licensing server. Those keys are gold, because a leaked key burned on outside machines can make your own legitimate installs fail activation. On the compliance side, scanning tools inspect systems remotely to spot software nobody approved, closing security gaps and keeping you honest with licensing.

How do you track intangible assets you cannot touch?

Differently, because intangible assets have no barcode to scan. Intellectual property, patents, trademarks, and reputation carry enormous value that is hard to price. Senior management typically owns these and estimates their worth by the benefit they bring, such as valuing a patent by the revenue its product generates. Patents also expire and demand periodic maintenance fees, so losing track of one can forfeit it entirely.

📚 Master the ISC2 CISSP Exam!

Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISC2 CISSP certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.


Reference: This article is based on concepts discussed in CISSP 16.3 - Provision Information & Assets Securely.