Information, Application and Authorization Inventory Landing Page

For more information on securing your data, see Information Protection @ MIT.

Overview

Knowing where information resides, whether electronically or physically, is a key step in securing that information. Capturing where information (including administrative and research data) is and who has access to it starts with three inventories: an information inventory (including classification level, information owner, and users with access); an inventory of systems (including device ownership, contact information, and network configuration); and a list of applications (including assigned risk classification level, data volume, and users with access).

There are many ways to inventory information, systems, and applications. In addition to the simple examples below, the National Institute of Standards and Technology (NIST) also has an inventory template that may be helpful.

Creating an Information Inventory

The inventory should account for data in both electronic and hard copy format.

| Description | Risk Level | Location | Data Owner | Accessed by |
| --- | --- | --- | --- | --- |
| Student Transcripts | High | File cabinet in room X-11 | | |
| Project Documentation | Low | Team Dropbox folder | | |
| Experimental data | Low | Lab server in room Y-12 | | |

Creating a System Inventory

The system inventory is a list of all systems under your area of responsibility that transmit, process, and/or store data. If you are using an endpoint monitoring platform such as SCCM or Casper, you will already have an inventory of devices there. Any systems with a public or reserved private IP address will also be in Moira.

| Device Name/Host name | IP | MAC address | Wired/Wireless | Type of device | Operating System | Location (Building/Room) | System Owner | Risk Level of Data |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| mycomputer.mit.edu | 18.x.x.x | | Wired | Desktop | Linux (Redhat...) | X-00, 111 | | Medium |
| yourcomputer | Dynamic | aa:bb:cc:dd:ee:ff | Wireless/Wired | Laptop | MacOS | | | Low |
| thisserver.mit.edu | 18.x.x.x | | Wired | Server | Windows Server 2012 | OC11 Data Center | IS&T (OS level patching) | High |

Creating an Application Inventory

For each application that handles MIT information, identify an application owner, who may be different from the system owner.

| Application Name | Location | Applications | Risk Level | Application Owner/Support Contact | User Access |
| --- | --- | --- | --- | --- | --- |
| Student grade app | SaaS product | web server/web portal | High | | |
| MITSIS | IS&T Server | sql database, web server | High | IS&T | |
| Lap SFTP | Server in X-12 | sftp server | Low | | |

IS&T Contributions

Documentation and information provided by IS&T staff members


Last Modified:

February 12, 2020
