General
This section implements CSU Information Security Policy 8065.00.
Information Asset Inventory
The Information Security Officer or designee will establish a uniform procedure for the inventory of assets containing Level 1 or Level 2 data. The Information Security Officer or designee will maintain this inventory, and audit it at least once per year.
In addition, the Information Security Officer or designee will create and maintain a catalog of ITS services to include physical machines, virtual machines, and services, and their business and system owners, to facilitate incident response.
Responsibilities of Asset Owners
ITS will implement documented practices that requires each designated owner of an information asset to—
- Classify the information asset in accordance with Policy IT.01.002 - Data Classification Policy Standard,
- Define security requirements proportionate to the value of the asset, and
- Manage the asset in accordance with appropriate campus and system-wide data management standards.