An asset is anything that has value. This includes not only the university's physical information technology equipment, but also its information, software, reputation, people, and services. It is important to identify, classify, track, and assign ownership for the most important assets related to information security and information privacy, to ensure they are adequately safeguarded.
Safeguards for Domain 4, Information Security & Privacy Program
Responsibility for assets
Information classification
Summary of domain objectives
The primary objectives of this domain are to ensure:
- all important assets are accounted for
- all important assets have an assigned owner responsible for maintaining and protecting the assets
- information is classified to assist in the selection of appropriate safeguards
Supplemental resources
- What is institutional data? | IU Knowledge Base
- Protection of Sensitive Institutional and Personal Data
- NIST Special Publication 800-88 Guidelines for Media Sanitization
- EDUCAUSE/Internet2 Information Security Guide: Asset Management
- Do you plan to travel abroad and take your university issued laptop computer, digital storage device, or any encryption products with you? The Export Control Office in the Office of Research Administration can help you determine if your university-issued electronic components require a license prior to international travel, can provide tips for international travel with information stored on electronic components, and can provide a list of sanctioned and restricted parties and entities with whom IU is prohibited by federal law from doing business with. Contact them at export@iu.edu.