CSP - IT Rep - Information Systems Inventory

 

Information Systems Inventory

 
 

1. Information Systems Inventory

Do you have a process in place to maintain an inventory of UBC Information Services under your control?


Control or Process Description​

I have a process in place to keep a record of the tools used in the organized collection, processing, transmission, and dissemination of UBC's Electronic Information under my control.

It is considered essential the inventory accurately captures the following information at minimum.

  • Name of System / Information Repository
  • Server Name(s)
  • Process / System Owner
  • Privileged Users of the Infrastructure (eg. Servers, DB, etc.)
  • URL/access points/ IP Address (User and Admin interface)

Why is this Essential?

Understanding what you have is the first step in knowing how to protect it. Having an inventory of information systems, a description of the risk posed if compromised and the responsible parties for maintenance enables prioritization of security efforts to the highest-risk systems. Further in larger, IT portfolios, maintaining an inventory is a key step towards strategic planning around system life-cycling and aligning systems optimally with your specific needs. In the absence of an inventory with accountabilities for maintenance, it is likely systems may become orphaned (lack business and IT ownership) and would pose an increased risk to all of UBC.

From a Cybersecurity perspective, inventories support expediated incident response by involving the right system owners on time before it evolves into a serious incident.


Reference Links​
Information Security Standards – U1 Security Classification of UBC Electronic Information
Inventory of UBC-owned laptops and desktops

Instructions​

Below is a link for an asset inventory template. This asset inventory template is intended to assist Administrative Head of Units, CSM’s, IT Representatives and other System Owners in the unit/ faculty for collaborating, gathering and recording the asset information. You may repurpose/customize the sheet to include more information depending on your requirements.
Asset Inventory Template


What is Acceptable?

A person (IT Representative or a System Owner within the unit) or a group (e.g. IT Team) has been delegated responsibility to maintain the asset inventory, or to update the unit's inventory and refreshes the inventory at a defined frequency.


 
 
 
Return to CSP Self-Assessment
This page was last updated on Thursday, February 9, 2023 - 00:05