Any accountant will tell you that hardware assets are generally considered
depreciable assets. What this means, from an information security standpoint,
is that hardware assets have a limited life span before they need to
be replaced or upgraded.
However, often when organizations invest a significant amount of money
into their hardware assetsand into the training required for personnel
to keep these assets runningthey are reluctant to upgrade these
assets. It could be that they have developed a proprietary or legacy
software environment that would be costly to update, or it could be
that the retraining required would be overwhelming.
Whatever the reason, many organizations find themselves with older
systems that may or may not be supported by the original manufacturers.
This, of course, means that replacement parts and documentation may
not be available, an important security concern.