When
At least once a year.
Why
Equally applicable to your hardware inventory as to last week's topic, the less there is making up your system, the less there is to fix
Requires Free Membership to View
SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!
Michael S. Mimoso, Editorial Director
when something goes wrong. And if your organization was audited tomorrow, could you answer questions like: Where is your baseline system architecture document, the one that lists all of the systems you own, including the IP addresses? And how often is it updated? Are backup and reserve systems accounted for, too? Does the number of software licenses match the number of systems they are loaded on? (This "weeding out" is the other side of Week 5 on seat management -- the number of licenses and systems should roughly match, assuming you don't have a site license.) What equipment do you own, what is leased, and what belongs to another department or organization? Where is your inventory list? What systems are you responsible for, directly and indirectly? Where are they? How many people work for your company? Where are they? How many carry laptops in addition to having a desktop system? How do you account for systems and parts you keep in reserve for cannibalizing?
Strategy
Cleaning out old parts and manuals will lead you naturally to update your hardware list or at least should provide a good baseline for doing so. Once you have sorted out what systems and parts you are using, do the same for physical disks, CDs, tapes, forms you've since put online, etc. (keeping in mind the hardware destruction info from Week 11). Label the remaining information and discard old manuals from systems you replaced years ago.
Companies can take corporate tax deductions for donating computer gear. Look for equipment you can comfortably donate instead of destroying. If you have moved to USB ports, and have no need for floppy disk drives, even external ones, donate them to schools, libraries, senior citizen's centers, after-school centers or other institutions that use computer equipment. For details and policies on this issue, be sure to check with your organization's legal counsel before donating anything first. You can also call up a lab or training center to reuse equipment that no longer needs to reside in your inventory.
More information
One highly recommended organizing book that shows up again and again by business people is Stephanie Winston's The Organized Executive, which derived the T-R-A-F system, i.e., Toss it, Refer it, Act on it (preferably on the same piece of paper) or File it. For a list of charitable organizations, find out to whom your company contributes on a regular basis, and whether there is technical fit. If your company doesn't have a charity, this might be a good opportunity to adopt one. Software programs designed to help you organize your hardware can be found online by using search phrases like "inventory hardware" and "organize hardware."
About the author
Shelley Bard, CISSP, is a senior security network engineer with Verizon Federal Network Systems (FNS). An infosecurity professional for 17 years, Bard has briefed and written infosecurity assessments and technical reports for the White House and Department of Defense, special interest groups, industry and academia. Please e-mail any comments to mailto:securityplanner@infosecuritymag.com.
Opinions expressed in this column are those of Shelley Bard and don't necessarily reflect those of Verizon FNS.
Last week: Spring cleaning: Part 1 -- Accounts and space
Next week: Spring cleaning: Part 3 -- Data
This was first published in April 2004