General
This section implements .
Information Asset Inventory
The Information Security Officer or designee will establish a uniform procedure for the inventory of assets containing Level 1 or Level 2 data. The Information Security Officer or designee will maintain this inventory, and audit it at least once per year.
In addition, the Information Security Officer or designee will create and maintain a catalog of ITS services to include physical machines, virtual machines, and services, and their business and system owners, to facilitate incident response.
Responsibilities of Asset Owners
ITS will implement documented practices that requires each designated owner of an information asset to—
- Classify the information asset in accordance with ,
- Define security requirements proportionate to the value of the asset, and
- Manage the asset in accordance with appropriate campus and system-wide data management standards.