Educause Security Discussion mailing list archives
Re: Data Inventory Form?
From: "win-hied () bradjudy com" <win-hied () BRADJUDY COM>
Date: Thu, 5 May 2011 10:29:35 -0400
I wrote up this page and provided the linked basic Excel inventory sheets when I was at UC Boulder: http://www.colorado.edu/its/security/assetinventory/ I was surprised how many departments used the supplied templates for their inventories. A few extended existing inventory mechanisms to include checkboxes about sensitive information. Two caveats: getting people to fill out the information and return it is a painful and drawn out process, and the reliability of the sensitive information checkboxes isn't great if you aren't using a data searching tool. A lot of data breaches occur in close proximity to the words "I forgot about that old database/spreadsheet file." Brad J On May 5, 2011 at 9:40 AM Chet Langin <clangin () SIU EDU> wrote:
Hello, Can anyone recommend a standardized data inventory form? What we want to do is pass this form around to users and administrators in order for them to indicate if they have sensitive information on their computer equipment, such as socials, credit card numbers, and driver's license numbers, whether or not it is encrypted, what software is using the data, who owns the data, who maintains the data, and who maintains the systems. Plus things like the IP addresses, domain names, and type of hardware. They will be returning these forms to the information security unit which will then have to maintain the data. Then, are there any ideas on how to store this data? By IP address, LAN admin, dept, or "all of the above"? We want to know where our sensitive data is at! :-) -- Chet Langin SIU Information Security Analyst
Current thread:
- Data Inventory Form? Chet Langin (May 05)
- Re: Data Inventory Form? win-hied () bradjudy com (May 05)