|
|
|
 |
|
|||||||||||||
 |
IT Security Information - IT Asset Inventory
|
||
| ITS Home >> Security >> IT Asset Inventory
Background and PoliciesOne of the most important steps in IT management and IT security is understanding what physical and virtual IT assets an organization owns and manages. A good inventory provides information that is useful to daily system management, business office asset tracking, and security incident response. The University of Colorado has also developed a system-wide policy that requires departments to maintain IT asset inventories which can be found here: IT Security in University Operations, Continuity, and Contracting It is accompanied by a document that defines a common language for classifying the sensitivity and criticality of IT assets which can be found here: University of Colorado system-wide procedure statement for information classification The IT Security Office has developed a document elaborating on these definitions, which is available here: UCB Guidance on Information Asset Classification
Asset inventory guidanceTo assist in the process of creating IT asset inventories, the IT Security Office has created the following guidance documents and templates for both departments with existing inventories and departments that are creating one for the first time. Departments undertaking an IT asset inventory for the first time should read this document discussing the process in general, as well as the specific campus needs: Asset inventory guidance for departments without an existing inventory Departments looking to augment an existing inventory and learn about new requirements should read this document: Asset inventory guidance for departments with existing inventories
Inventory templatesThe following two templates are referenced in the guidance documents and can be used to build an asset inventory. Minimum information inventory template Expanded information inventory template
Helpful toolsTo assist departments in locating files containing social security numbers or credit card numbers, ITS has customized a version of Cornell’s Spider for Windows, and recommends University of Texas's SENF for non-Windows and Vista systems. You can find out more here:
Private data quick referenceThis quick reference table helps departments make decisions on how to handle private data they have identified within their department. Private data quick reference table
Asset Inventory Phase 2During the Spring semester 2008, the campus is asking all departments who have not yet performed a search for private data and signed a certification form to do so by March 31. The following letter is being sent to campus organizational unit heads (or their delegates) along with a list of the departments under their purview: The IT security office has developed a recommended process for organization units and departments, which is diagramed here: Asset inventory phase 2 flowchart Which includes returning a signed certification form to the IT Security Office for each department. The IT Security Office appreciates the efforts of the campus to identify and properly protect private data.
Contact Information |
|
||
|
|||||||||||
| Support | | | Training | | | Facilities | | | About ITS | | | ITS Home | |||
|
|||||||||||
