Page History

...

• Getting Started | Overview |  Resources | Standards
• Responsibility for Assets (ISO 8.1)
• Information Classification (ISO 8.2)
• Media Handling (ISO 8.3)

...

Top of page

Responsibility for Assets

...

Panel
bgColor #FFFFCE
Objective: To ensure adequate protection of organizational resources, all assets should be accounted for and each should have a designated responsible party.

...

Anchor
Classification Classification

Information Classification

...

Panel
bgColor #FFFFCE
Objective: To appropriately protect various kinds of information, implement a classification scheme that states the relative importance of each type of information to the organization, as well as an appropriate level and method of protection for each.

...

Top of page

Anchor
Media Media

Media Handling

...

Panel
bgColor #FFFFCE
Objective: To prevent business disruptions due to the unauthorized disclosure, modification, removal or destruction of information and information technology resources.

...

Panel
bgColor #ADD8E6
EDUCAUSE Resources Data Stewards vs. Digital Hoarders in a Game of Riskfrom Security Professionals Conference 2014 Effective Data Governance Practicesfrom Security Professionals Conference 2013 Administration of Data Loss Prevention Services in Higher Educationfrom Security Professionals Conference 2013 Data Governance: Essential for Strategy, Policy, and Operationsfrom Enterprise IT Leadership Conference 2012 Taking Risk Assessment from Project to Process: A Novel Approachfrom Security Professionals Conference 2010 Foundations for Effective Security Risk and Program Assessmentfrom Security Professionals Conference 2010 Asset Management and Sustainability at the University of Richmondfrom EDUCAUSE Quarterly, Volume 32, Number 3, 2009 Security Metrics: A Solution in Search of a Problem from EDUCAUSE Quarterly, Volume 31, Number 3, 2008 Who Owns the Data, Anyway? Defining Data Stewardshipfrom Security Professionals Conference 2007Welcome to My Fiefdom: IT Asset Management in a Decentralized Organization and the Creation of OpenITAMfrom EDUCAUSE Annual 2006 Safeguarding Information Assets in Higher Educationfrom EDUCAUSE Review, Volume 41, Number 5, 2006 IT Asset Management: Watch Your Assets The Disintegrating Perimeter: Planning for the Shift to Asset-Based Security from Security Professionals Conference 2005 Addressing Information Security Risk, from EDUCAUSE Quarterly Volume 28, Number 4, 2005IT Asset Management: What Computer Equipment Do You Own and Where Is It?from EDUCAUSE Annual 2000 Acceptable and Responsible Use Policies Data Classification Toolkit Data Classification Policies Data Stewardship Policies

...

ISO	NIST	COBIT	PCI DSS	2014 Cybersecurity Framework	HIPAA Security
27002:2013 Information Security Management Chapter 8: Asset Management ISO/IEC 27005:2011	800-30: Risk Management Guide for Information Technology Systems 800-37: Guide for the Security Certification and Accreditation of Federal Information Systems 800-53: Recommended Security Controls for Federal Information Systems and Organizations	APO01.06 APO03.03 APO03.04 APO13.01 BAI02.01 BAI06.01 BAI09.01 BAI09.02 BAI09.03 BAI09.05 DSS05.02 DSS06.06	Req 9 Req 12	ID.AM-1 ID.AM-2 ID.AM-5 PR.DS-1 PR.DS-2 PR.DS-3 PR.DS-5 PR.IP-6 PR.IP-11 PR.PT-2	45 CFR 164.308(a)(1)(i) 45 CFR 164.310(c) 45 CFR 164.310(d)(1)

...