Purpose
To provide 51ÁÔÆæÈë¿Ú with guidance in identifying and gaining an understanding of the components of the institution that make up its information security system and thereby enable 51ÁÔÆæÈë¿Ú to manage cybersecurity risk to systems, assets, data, and capabilities.
Policy
In order for 51ÁÔÆæÈë¿Ú leadership to make informed, business-driven decisions regarding computing assets, they must first know what assets exist, and the status of those assets. This information provides 51ÁÔÆæÈë¿Ú visibility into license utilization, software support costs, unauthorized devices, vulnerabilities, threats, and compliance posture. IT assets include items such as servers, desktops, laptops, and network devices, as well as software, applications, programs and logical processes. 51ÁÔÆæÈë¿Ú data, students, faculty, staff, devices, systems, and facilities that enable the organization to achieve educational, business, and operational purposes are identified and managed. The management of these assets is consistent with their relative importance to 51ÁÔÆæÈë¿Ú educational, business, and operational objectives as well as 51ÁÔÆæÈë¿Ú’s overall risk strategy.
Summary
- All devices purchased with 51ÁÔÆæÈë¿Ú funding will be inventoried.
- The inventory is kept up to date either through manual inspection or automated tools
- Unauthorized hardware detected by automated mechanisms will have its network access disabled and Information Technology Services (ITS) will be notified of its existence.
- All software will be inventoried.
- Automated tools will be used to detect unauthorized software and if unauthorized software is discovered, ITS will be notified.
- ITS will protect 51ÁÔÆæÈë¿Ú assets both through the use of encryption, user education and infrastructure design.
- Any external system connections will need to be documented by 51ÁÔÆæÈë¿Ú ITS in order to ensure they are secure.