Information, Application and Authorization Inventory Landing Page
For more information on securing your data, see Information Protection @ MIT.
Overview
Knowing where information resides, whether electronically or physically, is a key step in securing that information. Building an inventory that captures where information (including administrative and research data) is kept and who has access to it starts with three tasks: creating and maintaining an information inventory (including classification level, information owner, and users with access); creating and maintaining an inventory of systems (including device ownership, contact information, and network configuration); and maintaining a list of applications (including assigned risk classification level, data volume, and users with access).
There are many ways to inventory information, systems, and applications. In addition to the simple examples below, the National Institute of Standards and Technology (NIST) also has an inventory template that may be helpful.
Creating an Information Inventory
The inventory should account for data in electronic and hard copy format.
Description | Risk Level | Location | Data Owner | Accessed by |
---|---|---|---|---|
Student Transcripts | High | File cabinet in room X-11 | | |
Project Documentation | Low | Team Dropbox folder | | |
Experimental data | Low | Lab server in room Y-12 | | |
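A completeness check for an information inventory kept as a CSV file with the columns shown above. This is an added example, not part of the original page; the CSV layout, the owner and access values in the sample rows, the "Critical" row, and the `find_gaps` function are assumptions made for illustration.

```python
import csv
import io

# Column names follow the information inventory table on this page.
REQUIRED = ["Description", "Risk Level", "Location", "Data Owner", "Accessed by"]
# Risk levels used in the page's sample tables, highest first.
RISK_ORDER = {"High": 0, "Medium": 1, "Low": 2}

# Constructed sample inventory (CSV export); owners and groups are placeholders.
SAMPLE_CSV = """Description,Risk Level,Location,Data Owner,Accessed by
Student Transcripts,High,File cabinet in room X-11,,
Project Documentation,Low,Team Dropbox folder,Project lead (placeholder),Project team
Experimental data,Low,Lab server in room Y-12,PI (placeholder),
Payroll export,Critical,Shared drive,Finance (placeholder),Finance staff
"""


def find_gaps(csv_text):
    """Return (description, risk, problems) tuples, highest risk first."""
    reader = csv.DictReader(io.StringIO(csv_text))
    missing_cols = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing_cols:
        raise ValueError(f"inventory is missing columns: {missing_cols}")
    findings = []
    for row in reader:
        # A blank cell means nobody has recorded that fact yet.
        problems = [f"empty {c}" for c in REQUIRED if not (row[c] or "").strip()]
        risk = (row["Risk Level"] or "").strip()
        if risk and risk not in RISK_ORDER:
            problems.append(f"unknown risk level {risk!r}")
        if problems:
            findings.append(((row["Description"] or "").strip(), risk, problems))
    # Blank or unknown risk levels sort first: classify those before anything else.
    findings.sort(key=lambda f: RISK_ORDER.get(f[1], -1))
    return findings


if __name__ == "__main__":
    for desc, risk, problems in find_gaps(SAMPLE_CSV):
        print(f"[{risk or 'UNCLASSIFIED'}] {desc}: {', '.join(problems)}")
```
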
Creating a System Inventory
The system inventory is a list of all systems under your area of responsibility that transmit, process, and/or store data. If you are using an endpoint monitoring platform such as SCCM or Casper, you will already have an inventory of devices there. Any system with a public or reserved private IP address will also be in Moira.
Device Name/Host name | IP | MAC address | Wired/Wireless | Type of device | Operating System | Location (Building/Room) | System Owner | Risk Level of Data |
---|---|---|---|---|---|---|---|---|
mycomputer.mit.edu | 18.x.x.x | | Wired | Desktop | Linux (Redhat...) | X-00, 111 | | Medium |
yourcomputer | Dynamic | aa:bb:cc:dd:ee:ff | Wireless/Wired | Laptop | MacOS | | | Low |
thisserver.mit.edu | 18.x.x.x | | Wired | Server | Windows Server 2012 | OC11 Data Center | IS&T (OS level patching) | High |
Creating an Application Inventory
For each application that handles MIT information, identify an application owner, who may be different from the system owner.
Application Name | Location | Applications | Risk Level | Application Owner/Support Contact | User Access |
---|---|---|---|---|---|
Student grade app | SaaS product | web server/web portal | High | | |
MITSIS | IS&T Server | sql database, web server | High | IS&T | |
Lab SFTP | Server in X-12 | sftp server | Low | | |