Information Asset Management

General

This section implements Integrated CSU Administrative Manual (ICSUAM) Policy 8065.0.

Information Asset Inventory

The Information Security Officer or designee will establish a uniform procedure for the inventory of assets containing Level 1 or Level 2 data. The Information Security Officer or designee will maintain this inventory, and audit it at least once per year.

In addition, the Information Security Officer or designee will create and maintain a catalog of T&I services to include physical machines, virtual machines, and services, and their business and system owners, to facilitate incident response.

Responsibilities of Asset Owners

T&I will implement documented practices that requires each designated owner of an information asset to—

  1. Classify the information asset in accordance with Policy IT.01.002 - Data Classification Policy Standard,
  2. Define security requirements proportionate to the value of the asset, and
  3. Manage the asset in accordance with appropriate campus and system-wide data management standards.