Objective 4.2 · Medium · 10 min

Asset Assignment and Accounting

Tracking ownership, classification, and monitoring of organizational assets throughout their lifecycle including inventory management, CMDB maintenance, and accountability controls.

Understanding Asset Assignment and Accounting

Asset assignment and accounting ensures every organizational asset has a known owner, location, and classification. You can't protect what you don't know you have—complete asset visibility is fundamental to security.

Key asset management elements:
- Asset inventory: complete list of all assets
- Ownership assignment: accountable individuals
- Classification: sensitivity/criticality levels
- Monitoring: track location and status

The 2013 Target breach began through an HVAC vendor with network access. Target didn't have complete visibility into which systems connected to their network or proper asset segmentation. Better asset management would have identified the unauthorized connection paths.

If you can't find it in your inventory, you can't secure it.

Why This Matters for the Exam

Asset management is tested on SY0-701 because it's foundational to security operations. Questions cover inventory practices, ownership, classification, and lifecycle management.

Understanding asset management helps with vulnerability scanning, incident response, and compliance. During incidents, knowing what assets exist and who owns them accelerates response.

The exam tests recognition of asset management practices and their security implications.

Deep Dive

What Is an Asset Inventory?

An asset inventory is a comprehensive database of all organizational assets.

Asset Inventory Contents:

| Attribute | Purpose |
|---|---|
| Asset ID | Unique identifier |
| Type | Hardware, software, data |
| Owner | Accountable person |
| Location | Physical/logical location |
| Classification | Sensitivity level |
| Status | Active, retired, etc. |
| Value | Cost/importance |

Asset Types:

Hardware:
- Servers, workstations, laptops
- Network equipment
- Mobile devices
- IoT devices

Software:
- Operating systems
- Applications
- Licenses
- Cloud services

Data:
- Databases
- File shares
- Backups
- Archives

Information:
- Intellectual property
- Trade secrets
- Customer data

What Is a CMDB?

A Configuration Management Database (CMDB) tracks IT assets and the relationships between them.

CMDB Components:

| Component | Description |
|---|---|
| Configuration Items (CIs) | Individual assets |
| Attributes | Asset properties |
| Relationships | Connections between assets |
| History | Change tracking |

CMDB Relationships:

[Web Application]
       |
       | runs on
       v
[Application Server]
       |
       | hosted on
       v
[Virtual Machine]
       |
       | runs on
       v
[Physical Server]
       |
       | connected to
       v
[Network Switch]

Understanding relationships helps:
- Impact analysis
- Incident investigation
- Change management
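
Impact analysis over CMDB relationships, as an added example (not part of the original page): it walks the dependency chain from the diagram above in reverse to list every CI affected when one fails. The record layout and the second application (`Payroll Database`, `Database VM`) are hypothetical additions for illustration.

```python
from collections import deque

# Constructed CMDB relationship records: (dependent CI, relationship, CI it depends on).
# The first four rows mirror the diagram on this page; the last two are a
# hypothetical second application sharing the same physical server.
RELATIONSHIPS = [
    ("Web Application", "runs on", "Application Server"),
    ("Application Server", "hosted on", "Virtual Machine"),
    ("Virtual Machine", "runs on", "Physical Server"),
    ("Physical Server", "connected to", "Network Switch"),
    ("Payroll Database", "hosted on", "Database VM"),
    ("Database VM", "runs on", "Physical Server"),
]


def build_dependents(relationships):
    """Map each CI to the set of CIs that depend on it directly."""
    dependents = {}
    for dependent, _relationship, depends_on in relationships:
        dependents.setdefault(depends_on, set()).add(dependent)
    return dependents


def impacted_by(ci, relationships):
    """Return {CI: hops} for every CI affected, directly or transitively, if `ci` fails."""
    dependents = build_dependents(relationships)
    seen = {}
    queue = deque([(ci, 0)])
    while queue:
        current, depth = queue.popleft()
        for parent in sorted(dependents.get(current, ())):
            # Skip CIs already recorded; this also stops on cyclic records.
            if parent not in seen and parent != ci:
                seen[parent] = depth + 1
                queue.append((parent, depth + 1))
    return seen


if __name__ == "__main__":
    blast_radius = impacted_by("Physical Server", RELATIONSHIPS)
    for name, hops in sorted(blast_radius.items(), key=lambda kv: (kv[1], kv[0])):
        print(f"{hops} hop(s) away: {name}")
```

The same traversal supports incident investigation (what else could a compromised host reach upward in the stack) and change management (who must approve a maintenance window on shared infrastructure).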

What Is Asset Ownership?

Asset ownership assigns accountability for each asset's security.

Ownership Roles:

| Role | Responsibility |
|---|---|
| Asset Owner | Accountable for asset security |
| Custodian | Day-to-day management |
| User | Authorized to use asset |
| Administrator | Technical management |

Ownership Assignment:

Every asset must have:
- Identified owner (person, not role)
- Backup owner (succession)
- Clear responsibilities
- Regular review

Owner responsibilities:
- Authorize access
- Approve changes
- Accept risk
- Ensure compliance
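
One way to check the ownership rules above against inventory records, as an added example (not part of the original page). The record fields, the staff directory, and the 365-day review interval are assumptions; resolving the owner against a directory of current individuals is what catches both role-based owners such as "IT" and owners who have left.

```python
from datetime import date

# Constructed directory of current staff (in practice an HR or identity-provider export).
DIRECTORY = {"a.rivera", "j.chen", "m.okafor"}
REVIEW_MAX_AGE_DAYS = 365  # assumed interval for "regular review"

# Constructed inventory records; field names are hypothetical.
ASSETS = [
    {"id": "SRV-001", "owner": "a.rivera", "backup_owner": "j.chen", "last_review": date(2024, 3, 1)},
    {"id": "SRV-002", "owner": "IT", "backup_owner": "j.chen", "last_review": date(2024, 3, 1)},
    {"id": "LAP-014", "owner": "m.okafor", "backup_owner": None, "last_review": date(2024, 2, 10)},
    {"id": "DB-003", "owner": "j.chen", "backup_owner": "j.chen", "last_review": date(2022, 11, 5)},
    {"id": "SW-020", "owner": "t.former", "backup_owner": "a.rivera", "last_review": date(2024, 1, 15)},
]


def audit_ownership(assets, directory, today):
    """Return {asset id: [issues]} for records that break the ownership rules."""
    report = {}
    for asset in assets:
        issues = []
        # Owner must resolve to a current person, not a role, team, or leaver.
        if asset["owner"] not in directory:
            issues.append("owner is not a current individual")
        backup = asset["backup_owner"]
        if not backup:
            issues.append("no backup owner")
        elif backup == asset["owner"]:
            issues.append("backup owner same as owner")
        elif backup not in directory:
            issues.append("backup owner is not a current individual")
        if (today - asset["last_review"]).days > REVIEW_MAX_AGE_DAYS:
            issues.append("ownership review overdue")
        if issues:
            report[asset["id"]] = issues
    return report


if __name__ == "__main__":
    for asset_id, issues in audit_ownership(ASSETS, DIRECTORY, date.today()).items():
        print(asset_id, "->", "; ".join(issues))
```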

What Is Asset Classification?

Classification categorizes assets by sensitivity and criticality.

Classification Levels:

| Level | Description | Example |
|---|---|---|
| Public | No restrictions | Marketing materials |
| Internal | Organization only | Policies, procedures |
| Confidential | Need-to-know | Financial data |
| Restricted | Highly sensitive | Trade secrets, PII |

Classification Process:

1. Identify asset
2. Determine sensitivity
   - What's the impact if disclosed?
   - What's the impact if lost?
   - What's the impact if unavailable?
3. Assign classification
4. Apply appropriate controls
5. Mark/label asset
6. Review periodically

How Do You Monitor Assets?

Asset monitoring tracks location, status, and changes.

Monitoring Methods:

| Method | Purpose |
|---|---|
| Discovery scanning | Find new assets |
| Inventory audits | Verify accuracy |
| Change tracking | Detect modifications |
| Location tracking | Physical assets |
| License monitoring | Software compliance |

Automated Discovery:

Network scanning:
- Detect new devices
- Identify unauthorized assets
- Verify known inventory

Agent-based:
- Software inventory
- Configuration state
- Real-time updates

Comparison:
- Compare discovery to CMDB
- Identify discrepancies
- Investigate unknowns

What Is Asset Lifecycle Management?

Assets move through stages from acquisition to disposal.

Asset Lifecycle:

[Procurement] → [Deployment] → [Operation] → [Maintenance] → [Retirement] → [Disposal]

Each stage has security requirements:

Procurement:
- Vendor assessment
- Security requirements

Deployment:
- Baseline configuration
- Inventory registration

Operation:
- Monitoring
- Access control

Maintenance:
- Patching
- Updates

Retirement:
- Data migration
- Access removal

Disposal:
- Data destruction
- Physical disposal

How CompTIA Tests This

Example Analysis

Scenario: A company discovers unknown devices on their network during a security audit. They have no asset inventory. Design an asset management program.

Analysis - Asset Management Implementation:

Current State Problems:

✗ No asset inventory
✗ Unknown devices on network
✗ No ownership assignment
✗ No classification
✗ Cannot identify scope of incidents
✗ Compliance failures likely

Asset Management Program:

Phase 1: Discovery

Network discovery:
- Scan all network segments
- Identify all connected devices
- Document IP, MAC, hostname
- Identify operating systems

Physical inventory:
- Walk-through of facilities
- Document all hardware
- Check for unconnected devices
- Record serial numbers

Phase 2: Inventory Creation

| Asset Type | Attributes to Track |
|---|---|
| Servers | Hostname, IP, OS, function, location |
| Workstations | Asset tag, user, department, location |
| Network devices | Type, IP, location, VLAN |
| Mobile | Device ID, user, MDM status |
| Software | Name, version, license, installed on |
| Cloud | Service, provider, owner, data type |

Phase 3: Ownership Assignment

For each asset:
1. Identify business function
2. Determine responsible department
3. Assign individual owner
4. Document backup owner
5. Define custodian (IT)
6. Get owner acknowledgment

Phase 4: Classification

Classification criteria:
- Data sensitivity
- Business criticality
- Regulatory requirements
- Availability requirements

Apply labels:
- Public (green)
- Internal (yellow)
- Confidential (orange)
- Restricted (red)

Phase 5: CMDB Implementation

| Feature | Purpose |
|---|---|
| CI records | Store asset details |
| Relationships | Map dependencies |
| Change history | Track modifications |
| Integration | Connect to other tools |
| Reporting | Generate asset reports |

Phase 6: Ongoing Monitoring

Automated:
- Weekly network discovery
- Compare to inventory
- Alert on new devices
- Track software changes

Manual:
- Quarterly physical audits
- Annual ownership review
- Classification review
- CMDB accuracy validation
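
The "compare discovery to CMDB" step from the Automated Discovery section and the automated checks in Phase 6, as an added example (not part of the original page). The scan and CMDB records are constructed, and keying the CMDB on a normalized MAC address is an assumption.

```python
# Constructed CMDB export keyed by lowercase, colon-separated MAC address.
CMDB = {
    "00:11:22:aa:bb:01": {"hostname": "web01", "ip": "10.0.1.10", "status": "active"},
    "00:11:22:aa:bb:02": {"hostname": "db01", "ip": "10.0.1.20", "status": "active"},
    "00:11:22:aa:bb:03": {"hostname": "old-fs", "ip": "10.0.1.30", "status": "retired"},
    "00:11:22:aa:bb:04": {"hostname": "hr-laptop7", "ip": "10.0.2.15", "status": "active"},
}

# Constructed discovery results (IP, MAC, hostname), with mixed MAC formats
# as different scanners report them.
SCAN = [
    {"mac": "00:11:22:AA:BB:01", "ip": "10.0.1.10", "hostname": "web01"},
    {"mac": "00-11-22-aa-bb-02", "ip": "10.0.1.99", "hostname": "db01"},
    {"mac": "00:11:22:aa:bb:03", "ip": "10.0.1.30", "hostname": "old-fs"},
    {"mac": "de:ad:be:ef:00:01", "ip": "10.0.3.77", "hostname": ""},
]


def norm_mac(mac):
    """Normalize a MAC so formatting differences do not create false unknowns."""
    return mac.lower().replace("-", ":")


def reconcile(cmdb, scan):
    """Classify the discrepancies between a discovery scan and the CMDB."""
    findings = {"unknown": [], "retired_but_online": [], "drift": [], "not_seen": []}
    seen = set()
    for row in scan:
        mac = norm_mac(row["mac"])
        seen.add(mac)
        ci = cmdb.get(mac)
        if ci is None:
            findings["unknown"].append(mac)             # alert: new device
        elif ci["status"] != "active":
            findings["retired_but_online"].append(mac)  # retirement was not completed
        else:
            changed = sorted(f for f in ("ip", "hostname") if row[f] != ci[f])
            if changed:
                findings["drift"].append((mac, changed))  # record is stale
    # Active CIs the scan never saw: moved, powered off, lost, or stale inventory.
    findings["not_seen"] = sorted(
        mac for mac, ci in cmdb.items() if ci["status"] == "active" and mac not in seen
    )
    return findings


if __name__ == "__main__":
    for category, items in reconcile(CMDB, SCAN).items():
        print(f"{category}: {items}")
```

Each category routes to a different action: unknowns are investigated, retired-but-online assets go back through retirement and disposal, drift updates the CI record, and unseen active assets feed the next physical audit.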

Key insight: Asset management is foundational—you can't secure what you don't know exists. Discovery identifies current state, inventory tracks it, ownership creates accountability, classification determines controls, and monitoring ensures ongoing accuracy.

Key Terms

- asset assignment
- asset accounting
- asset management
- asset inventory
- CMDB
- asset classification
- ownership tracking

Common Mistakes

Role-based ownership instead of individual—"IT" can't be held accountable. Assign specific people.
Static inventory—assets change constantly. Continuous discovery and regular audits are essential.
Classification without controls—classification is meaningless without corresponding security controls.
Forgetting cloud assets—SaaS, IaaS, PaaS are assets too. Include them in inventory.

Exam Tips

Asset owner = accountable for security decisions. Custodian = manages day-to-day.
CMDB = Configuration Management Database = tracks assets AND relationships between them.
Discovery scanning finds unknown assets. Compare discovery to CMDB to find discrepancies.
Classification determines controls: Restricted = strictest controls, Public = minimal controls.
Every asset needs an owner (individual person, not role or department).
Asset lifecycle: Procurement → Deployment → Operation → Maintenance → Retirement → Disposal.

Memory Trick

Asset Inventory Attributes - "OTLCSV":
  • Owner (who's accountable)
  • Type (hardware/software/data)
  • Location (where is it)
  • Classification (sensitivity)
  • Status (active/retired)
  • Value (importance/cost)

Ownership Roles - "OCUA":
  • Owner = Overall accountable
  • Custodian = Cares for it daily
  • User = Uses the asset
  • Administrator = Administers technically

Classification Order (least to most): "Public Internal Confidential Restricted"
Or: "PICR" = "Pick the Right level"

Asset Lifecycle - "PDOMRD":
  • Procurement
  • Deployment
  • Operation
  • Maintenance
  • Retirement
  • Disposal

Discovery Rule: "If it's on your Network, it needs to be in your Inventory"
Unknown devices = Unknown risk

Test Your Knowledge

Q1. Who is accountable for an asset's security and approves access requests?

Q2. What distinguishes a CMDB from a simple asset inventory?

Q3. Network scanning reveals devices not in the asset inventory. What should be done FIRST?
