Appendix B: Common Information System Assets

  • Article

Published: October 15, 2004   |   Updated: March 15, 2006

This appendix lists information system assets commonly found in organizations of various types. It is not intended to be comprehensive, and it is unlikely that this list will represent all of the assets present in your organization's unique environment. Therefore, it is important that you customize the list during the Assessing Risk phase of your project. It is provided as a reference list and a starting point to help your organization get underway.

Table B.1: Common Information Systems Assets

Asset Class Overall IT Environment Asset Name Asset Rating

 

Highest level description of your asset

Next level definition(if needed)

Asset Value Rating, see Group definition tab (1-5)

Tangible

Physical infrastructure

Data centers

5

Tangible

Physical infrastructure

Servers

3

Tangible

Physical infrastructure

Desktop computers

1

Tangible

Physical infrastructure

Mobile computers

3

Tangible

Physical infrastructure

PDAs

1

Tangible

Physical infrastructure

Cell phones

1

Tangible

Physical infrastructure

Server application software

1

Tangible

Physical infrastructure

End-user application software

1

Tangible

Physical infrastructure

Development tools

3

Tangible

Physical infrastructure

Routers

3

Tangible

Physical infrastructure

Network switches

3

Tangible

Physical infrastructure

Fax machines

1

Tangible

Physical infrastructure

PBXs

3

Tangible

Physical infrastructure

Removable media (tapes, floppy disks, CD-ROMs, DVDs, portable hard drives, PC card storage devices, USB storage devices, and so on.)

1

Tangible

Physical infrastructure

Power supplies

3

Tangible

Physical infrastructure

Uninterruptible power supplies

3

Tangible

Physical infrastructure

Fire suppression systems

3

Tangible

Physical infrastructure

Air conditioning systems

3

Tangible

Physical infrastructure

Air filtration systems

1

Tangible

Physical infrastructure

Other environmental control systems

3

Tangible

Intranet data

Source code

5

Tangible

Intranet data

Human resources data

5

Tangible

Intranet data

Financial data

5

Tangible

Intranet data

Marketing data

5

Tangible

Intranet data

Employee passwords

5

Tangible

Intranet data

Employee private cryptographic keys

5

Tangible

Intranet data

Computer system cryptographic keys

5

Tangible

Intranet data

Smart cards

5

Tangible

Intranet data

Intellectual property

5

Tangible

Intranet data

Data for regulatory requirements (GLBA, HIPAA, CA SB1386, EU Data Protection Directive, and so on.)

5

Tangible

Intranet data

U.S. Employee Social Security numbers

5

Tangible

Intranet data

Employee drivers' license numbers

5

Tangible

Intranet data

Strategic plans

3

Tangible

Intranet data

Customer consumer credit reports

5

Tangible

Intranet data

Customer medical records

5

Tangible

Intranet data

Employee biometric identifiers

5

Tangible

Intranet data

Employee business contact data

1

Tangible

Intranet data

Employee personal contact data

3

Tangible

Intranet data

Purchase order data

5

Tangible

Intranet data

Network infrastructure design

3

Tangible

Intranet data

Internal Web sites

3

Tangible

Intranet data

Employee ethnographic data

3

Tangible

Extranet data

Partner contract data

5

Tangible

Extranet data

Partner financial data

5

Tangible

Extranet data

Partner contact data

3

Tangible

Extranet data

Partner collaboration application

3

Tangible

Extranet data

Partner cryptographic keys

5

Tangible

Extranet data

Partner credit reports

3

Tangible

Extranet data

Partner purchase order data

3

Tangible

Extranet data

Supplier contract data

5

Tangible

Extranet data

Supplier financial data

5

Tangible

Extranet data

Supplier contact data

3

Tangible

Extranet data

Supplier collaboration application

3

Tangible

Extranet data

Supplier cryptographic keys

5

Tangible

Extranet data

Supplier credit reports

3

Tangible

Extranet data

Supplier purchase order data

3

Tangible

Internet data

Web site sales application

5

Tangible

Internet data

Web site marketing data

3

Tangible

Internet data

Customer credit card data

5

Tangible

Internet data

Customer contact data

3

Tangible

Internet data

Public cryptographic keys

1

Tangible

Internet data

Press releases

1

Tangible

Internet data

White papers

1

Tangible

Internet data

Product documentation

1

Tangible

Internet data

Training materials

3

Intangible

Reputation

 

5

Intangible

Goodwill

 

3

Intangible

Employee moral

 

3

Intangible

Employee productivity

 

3

IT Services

Messaging

E-mail/scheduling (for example, Microsoft Exchange)

3

IT Services

Messaging

Instant messaging

1

IT Services

Messaging

Microsoft Outlook® Web Access (OWA)

1

IT Services

Core infrastructure

Active Directory® directory service

3

IT Services

Core infrastructure

Domain Name System (DNS)

3

IT Services

Core infrastructure

Dynamic Host Configuration Protocol (DHCP)

3

IT Services

Core infrastructure

Enterprise management tools

3

IT Services

Core infrastructure

File sharing

3

IT Services

Core infrastructure

Storage

3

IT Services

Core infrastructure

Dial-up remote access

3

IT Services

Core infrastructure

Telephony

3

IT Services

Core infrastructure

Virtual Private Networking (VPN) access

3

IT Services

Core infrastructure

Microsoft Windows® Internet Naming Service (WINS)

1

IT Services

Other infrastructure

Collaboration services (for example, Microsoft SharePoint®)

 

This accelerator is part of a larger series of tools and guidance from Solution Accelerators.
Download

Get the Security Risk Management Guide
Solution Accelerator Notifications

Sign up to stay informed
Feedback

Send us your comments or suggestions