ISC CISSP Question Answer
A company has decided that they need to begin maintaining assets deployed in the enterprise. What approach should be followed to determine and maintain ownership information to bring the company into compliance?
Enterprise asset management framework
Asset baseline using commercial off-the-shelf software
Asset ownership database using domain login records
A script to report active user logins on assets
The Answer Is:
Explanation:
According to the CISSP CBK Official Study Guide [1], the approach that should be followed to determine and maintain ownership information to bring the company into compliance is the enterprise asset management framework. An enterprise asset management framework is a set of principles, processes, and practices used to manage the assets deployed in the enterprise, such as its hardware, software, data, and information. It helps to ensure the security and integrity of the enterprise and its assets by enforcing the policies, procedures, and standards that govern the identification, classification, ownership, valuation, allocation, utilization, maintenance, protection, and disposal of those assets. It also helps to ensure compliance by conforming to the laws, regulations, and requirements that apply to the assets, such as the legal, contractual, and ethical obligations of the enterprise.
Following an enterprise asset management framework helps to determine and maintain ownership information because it provides a systematic, structured method to identify and assign the owners or custodians of assets, and to record the ownership information and asset details, such as the name, description, location, status, and value of each asset. Determining and maintaining ownership information helps to bring the company into compliance because it ensures the accountability of the owners or custodians, as well as the accuracy, completeness, and consistency of the ownership information, which may help to prevent disputes or issues involving the assets, such as theft, loss, misuse, or abuse.
Asset baseline using commercial off-the-shelf software is not the approach that should be followed to determine and maintain ownership information to bring the company into compliance, although it may be a benefit or a consequence of following an enterprise asset management framework. An asset baseline is a reference or standard used to measure or compare the performance or quality of the enterprise's assets, using appropriate metrics such as availability, reliability, or efficiency.
Commercial off-the-shelf software is software that is readily available on the market and can be purchased by the enterprise without any customization or modification, such as operating systems, applications, or utilities. Using commercial off-the-shelf software helps to establish an asset baseline because it provides a common, consistent tool to collect and analyze data relevant to the performance or quality of the assets, such as their usage, configuration, or status. Establishing an asset baseline helps to manage the assets because it enables the monitoring, evaluation, and improvement of their performance or quality through mechanisms such as reporting, auditing, or optimization. However, using commercial off-the-shelf software to establish an asset baseline is not the approach that should be followed to determine and maintain ownership information to bring the company into compliance, because it does not address the identification, documentation, or verification of the owners or custodians of the assets, which are the essential components of ownership information.
Asset ownership database using domain login records is not the approach that should be followed to determine and maintain ownership information to bring the company into compliance, although it may be a benefit or a consequence of following an enterprise asset management framework. An asset ownership database is a repository used to store and maintain the ownership information and details of the enterprise's assets, such as the name, description, location, status, or value of each asset. A domain login record is a log that documents the access of users to the enterprise's domain or network, such as the username, password, date, time, or duration of the login. Using domain login records helps to establish an asset ownership database because it provides a basis to identify and assign the owners or custodians of assets, and to record ownership information, based on users' logins to the domain or network, which may reflect the usage, configuration, or status of the assets.
However, using domain login records to establish an asset ownership database is not the approach that should be followed to determine and maintain ownership information to bring the company into compliance, because it does not provide a comprehensive method to identify and assign the owners or custodians of assets or to record the ownership information. It may not cover all the assets or all the users of the enterprise, which may lead to gaps, errors, or inconsistencies in the ownership information.
A script to report active user logins on assets is not the approach that should be followed to determine and maintain ownership information to bring the company into compliance, although it may be a benefit or a consequence of following an enterprise asset management framework. A script is a program that performs a specific task on the system or network using the appropriate commands, such as batch, shell, or PowerShell commands. Reporting active user logins on assets is the process of generating a report that shows the current user logins to the enterprise's assets, such as the username, password, date, time, or duration of each login.
Using a script helps to report active user logins on assets because it provides a fast, efficient way to collect and analyze data about the current user logins to the assets, using the appropriate commands, such as batch, shell, or PowerShell commands. Reporting active user logins on assets helps to manage the assets because it enables the monitoring, evaluation, and improvement of their usage, configuration, or status through mechanisms such as reporting, auditing, or optimization. However, using a script to report active user logins on assets is not the approach that should be followed to determine and maintain ownership information to bring the company into compliance, because it does not address the identification, documentation, or verification of the owners or custodians of the assets, which are the essential components of ownership information.