Information Asset Register
First and foremost requirement of "Information Security Regulation" (ISR) is to have a company wide Information Asset Register. It Identifies & documents all information assets, including the information and data assets and the related information processing facilities and components, such as software assets, people assets, physical assets, etc. and consider other details such as, physical location, license details, business value, and any other necessary information that may be required to avoid risks and recover from disasters.
You have to create a Program module “Information Asset Register” which covers all the requirements of a successful information asset register. Everyone will be update the asset under there department as per the definition of assets given.
The Information Asset Register will be used to support the ISR Objective of developing and maintain an Information Asset Register. This will ensure that all critical or important (i.e., high and medium risk) information is identified and monitored for the purpose of protection and risk management.
The Program module will allow departments and functions in custody of valuable information to list these down and maintain such in a secured environment or system. Such facility will also enable the information custodians to provide and save pertinent and useful information such as information asset type, location, relevant system/process or sub system, origin or source, data classification, and risk type, among others.
Asset Register, Storage details Data Owners/Custodian/Users are the important part of the program which will cover the details of information asset, its storage, it’s sharing and risk associated with it.
While entering in the Information Asset Register user needs to first identify their information under which category they fall. To support this formulated and finalized few policies like Data Ownership Policy, Data Classification Policy and Data Retention Policy. These policies will clarify and identify how and what type of data requires which level of classification.
Once populated the Information Asset Register will identify the key areas which needs to be protected and also the Risk Assessment will identify the risk associated with it which needs to be mitigated.
Thanks for Read,
Please "SHARE" our post that your friends can read and learn and "COMMENT" us so that we can make our blog beautiful.
Please Follow us.
Facebook Profile
Google+
facebook Page
Youtube
No comments:
Post a Comment