Objective: Identify, register, and protect all information and communications system assets from internal and external threats.
Scope: Hardware, software, services, and information assets.
Policy Details:
- Designation: All information system elements must be designated.
- Identification & Documentation: All assets must be identified and documented in asset registers.
- Protection: Assets must be protected from threats.
- Register Security: The asset register is classified as "top secret" and requires high-security protection.
Simulation:
- Acceptable Policy:
- Asset Identification: IT department identifies all devices and software.
- Asset Documentation: Assets are entered into the register with detailed information.
- Record Protection: Register is stored securely with restricted access, complex passwords, and encryption.
- Unacceptable Policy:
- Ignoring Documentation: New assets are not entered into the register.
- Record Sharing: Register is shared with unauthorized personnel.
- Lack of Security: Register is stored in an unprotected system.
Correct Implementation:
- Asset Identification: Track and identify all assets.
- Asset Documentation: Register all assets in the university's register.
- Classification & Protection: Classify the register as "top secret" and apply security protocols.
- Periodic Review: Regularly review and update the register.
Conclusion:
- This policy ensures accurate and secure management and protection of university information system assets.
