Professional Documents
Culture Documents
Isc2 Cissp 2 5 1 Ensure Appropriate Asset Retention
Isc2 Cissp 2 5 1 Ensure Appropriate Asset Retention
Objectives:
External Resources:
Things to consider:
The OEM industry uses end of life and end of service/support life terms to
indicate an equipment life cycle stage as it relates to OEM support, marketing,
development, etc.
• GA / Sale Date
• End of Life / End of Sale
• End of Development
• End of Service Life / End of Support
End-of-life (EoL) indicates that a product is at the end of its useful life
(from the vendor's point of view), and a vendor stops marketing, selling, or
sustaining it. The vendor may simply intend to limit or stop support for the
product.
End of life (EOL) support - The OEM continues to offer post-warranty support for
EOL hardware.
End of service life (EOSL) support - In certain cases, the OEM may continue to
provide maintenance support but only by using a Third Party Maintenance (TPM) provider.
End of life and end of service life support - TPM is available for most equipment
in these stages with maintenance that is up to 70% lower than OEM costs.
Management should plan for a system's life cycle, eventual end of life, and any
corresponding security and business impacts.
Management should have policies to manage both the hardware and software life
cycles.
(a) the increased potential for vulnerabilities because the third party no
longer provides patches or support
(b) incompatibility with other systems in the institution's environment
(c) limitations in security features in older or obsolete systems
Management should also have a plan to replace the system or application and
implement compensating controls until replacement.
Strategies for replacing and updating hardware and software should incorporate
and align with overall information security and business strategies as appropriate.