This guide will walk you through the process of creating and managing an inventory of information assets for the purpose of information security risk assessment and disaster recovery planning. To access the Information Assets Inventory feature, follow the steps below:
-
Hover over the "Context" menu: Located on the navigation bar of CIMSNex.
-
Select "Information Assets Mapping": This option enables you to map information assets against organizational business services and processes.
-
Click "Create": This action allows you to start adding information assets to the inventory.
-
IA-ID: Automatically generated by the system for Information Asset identification. System-generated; no manual entry required.
-
Date: Default is the current date. Automatically populated with the current date; no manual entry required.
-
Asset Category: Choose the category that best describes the type of information asset. e.g. SaaS
-
Asset Name: Specify the name or identifier of the information asset used by the organisation. e.g. If you selected SaaS, here you type Microsoft office 365, etc
-
Location: Indicate the physical or virtual location of the information asset.
-
Asset ID: Enter a unique identifier for the asset (e.g., serial number).
-
Ownership Level: Choose the ownership level of the asset.
-
Not Applicable: The concept of ownership is not applicable to this asset. This may be relevant for assets that are communal or do not have a specific owner.
-
Corporate: The asset is owned and managed by the organization as a whole. Ownership and responsibility lie with the corporate entity.
-
BYOD (Bring Your Own Device): The asset is a personal device owned by an individual (employee) and used for work-related activities.
-
Leased: The asset is acquired through a leasing agreement, with temporary ownership and usage rights.
-
Licensed: The asset is used under a licensing agreement, indicating legal permission to use specific software or intellectual property.
-
Subscription: The asset is acquired through a subscription model, typically involving periodic payments for ongoing access or use.
-
-
Options:
-
Asset Owner: Specify the individual or entity responsible for the information asset.
-
Relationship: Choose the relationship type of the asset with the organization.
-
Configuration Item: The asset is tracked and managed as a configuration item within the organization's configuration management system.
-
Not Configuration Item: The asset is not tracked or managed as a configuration item within the organization's configuration management system.
-
-
Options:
-
Security Classification: Assign the security classification to the asset.
-
PII (Personally Identifiable Information): The asset contains Personally Identifiable Information (PII), requiring the highest level of protection to safeguard individual privacy.
-
Class 1 - (Low Sensitivity): The asset has low sensitivity, with minimal risk or impact if accessed or disclosed. Basic security measures are sufficient.
-
Class 3 - (High Sensitivity/Confidential/Proprietary): The asset holds high sensitivity, confidential, or proprietary information. Strict security measures and restricted access are necessary to prevent unauthorized disclosure.
-
Class 2 - (Moderate Sensitivity): The asset has moderate sensitivity, requiring security measures beyond basic but less stringent than assets with high sensitivity.
-
Class 0 - (No Sensitivity/Public/Unclassified): The asset has no sensitivity or is public information. It is unclassified and does not require special security measures.
-
-
Options:
-
Asset Version: Specify the version or edition of the information asset.
-
Asset Status: Choose the current status of the asset.
-
Asset Deployed: The asset has been deployed or put into active service.
-
End-of-Life Asset (EOL): The asset has reached the end of its usable life and is no longer supported or maintained. Replacement or decommissioning is typically necessary.
-
Asset De-registered: The asset has been removed from the registered inventory or database.
-
Asset In Use: The asset is currently in active use and is contributing to business operations.
-
Asset In Inventory: The asset is recorded and tracked in the inventory system but is not currently deployed or in active use.
-
Out of Warranty: The asset's warranty period has expired, and it may no longer be eligible for warranty services.
-
Asset Disposed: The asset has been disposed of through a formal process, such as returning it to the supplier, selling it, or other disposal methods.
-
-
Options:
-
Support: Choose the type of support associated with the asset.
-
Other: The asset has a type of support that is not covered by the specified options. Users can provide additional details.
-
Developer Support: Support provided by the developer of the asset, typically including technical assistance and issue resolution.
-
HR Support: Human Resources (HR) provides support for assets related to personnel or workforce.
-
Vendor Support: Support is provided by the vendor or supplier from whom the asset was acquired.
-
Maintenance Agreement: Support is covered by a formal maintenance agreement, outlining specific terms and conditions for upkeep.
-
Call Center Support: Support services are accessible through a call center, providing assistance for asset-related issues.
-
System Manuals: Support is available through documentation and manuals providing guidance on using and maintaining the asset.
-
OEM Support: Original Equipment Manufacturer (OEM) provides support for assets they manufactured.
-
IT Help Desk Support: Support is provided through the organization's IT Help Desk, addressing technical issues and inquiries.
-
Service Level Agreement: Support is governed by a formal Service Level Agreement (SLA), specifying agreed-upon service standards and response times.
-
-
Options:
-
Attachment: Attach any relevant documents or files related to the information asset.
-
Additional Details: Provide any supplementary information about the information asset.
Once you've completed the form, click "Submit" to register the asset in the inventory.
