CSP - IT Rep - Information Systems Inventory

Last updated: February 9, 2023
// function infosys() { alert("UBC Information Services are an integrated set of components for collecting, storing, and processing data and for providing information, to obtain a desired outcome. They are usually comprised of multiple UBC Systems (e.g. servers, applications, endpoint devices etc)."); } function myFunction1() { alert("Hello! Message 2"); } // -->
 
Information Systems Inventory  
 

1. Information Systems Inventory

Do you have a process in place to maintain an inventory of UBC Information Services under your control?


Control or Process Description​

I have a process in place to keep a record of the tools used in the organized collection, processing, transmission, and dissemination of UBC's Electronic Information under my control.

It is considered essential the inventory accurately captures the following information at minimum.

  • Name of System / Information Repository
  • Server Name(s)
  • Process / System Owner
  • Privileged Users of the Infrastructure (eg. Servers, DB, etc.)
  • URL/access points/ IP Address (User and Admin interface)
Why is this Essential?

Understanding what you have is the first step in knowing how to protect it. Having an inventory of information systems, a description of the risk posed if compromised and the responsible parties for maintenance enables prioritization of security efforts to the highest-risk systems. Further in larger, IT portfolios, maintaining an inventory is a key step towards strategic planning around system life-cycling and aligning systems optimally with your specific needs. In the absence of an inventory with accountabilities for maintenance, it is likely systems may become orphaned (lack business and IT ownership) and would pose an increased risk to all of UBC.

From a Cybersecurity perspective, inventories support expediated incident response by involving the right system owners on time before it evolves into a serious incident.


Reference Links​
Information Security Standards – U1 Security Classification of UBC Electronic Information
Inventory of UBC-owned laptops and desktops

Instructions​

Below is a link for an asset inventory template. This asset inventory template is intended to assist Administrative Head of Units, CSM’s, IT Representatives and other System Owners in the unit/ faculty for collaborating, gathering and recording the asset information. You may repurpose/customize the sheet to include more information depending on your requirements.
Asset Inventory Template


What is Acceptable?

A person (IT Representative or a System Owner within the unit) or a group (e.g. IT Team) has been delegated responsibility to maintain the asset inventory, or to update the unit's inventory and refreshes the inventory at a defined frequency.


 
 
 
Return to CSP Self-Assessment

Privacy Matters @ UBC

Safety & Risk Services | 2389 Health Sciences Mall
University Counsel | 6328 Memorial Road,
UBC Cybersecurity | 6356 Agricultural Road
E-mail privacy.matters@ubc.ca

UBC Crest The official logo of the University of British Columbia. Urgent Message An exclamation mark in a speech bubble. Caret An arrowhead indicating direction. Arrow An arrow indicating direction. Arrow in Circle An arrow indicating direction. Arrow in Circle An arrow indicating direction. Chats Two speech clouds. Facebook The logo for the Facebook social media service. Information The letter 'i' in a circle. Instagram The logo for the Instagram social media service. Linkedin The logo for the LinkedIn social media service. Location Pin A map location pin. Mail An envelope. Menu Three horizontal lines indicating a menu. Minus A minus sign. Telephone An antique telephone. Plus A plus symbol indicating more or the ability to add. Search A magnifying glass. Twitter The logo for the Twitter social media service. Youtube The logo for the YouTube video sharing service. Bell Warning