This appendix lists information system assets commonly found in organizations of various types. It is not intended to be comprehensive, and it is unlikely that this list will represent all of the assets present in your organization's unique environment. Therefore, it is important that you customize the list during the Assessing Risk phase of your project. It is provided as a reference list and a starting point to help your organization get underway.
| Asset Class | Overall IT Environment | Asset Name | Asset Rating |
|---|
| Highest level description of your asset | Next level definition(if needed) | Asset Value Rating, see Group definition tab (1-5) |
Tangible | Physical infrastructure | Data centers | 5 |
Tangible | Physical infrastructure | Servers | 3 |
Tangible | Physical infrastructure | Desktop computers | 1 |
Tangible | Physical infrastructure | Mobile computers | 3 |
Tangible | Physical infrastructure | PDAs | 1 |
Tangible | Physical infrastructure | Cell phones | 1 |
Tangible | Physical infrastructure | Server application software | 1 |
Tangible | Physical infrastructure | End-user application software | 1 |
Tangible | Physical infrastructure | Development tools | 3 |
Tangible | Physical infrastructure | Routers | 3 |
Tangible | Physical infrastructure | Network switches | 3 |
Tangible | Physical infrastructure | Fax machines | 1 |
Tangible | Physical infrastructure | PBXs | 3 |
Tangible | Physical infrastructure | Removable media (tapes, floppy disks, CD-ROMs, DVDs, portable hard drives, PC card storage devices, USB storage devices, and so on.) | 1 |
Tangible | Physical infrastructure | Power supplies | 3 |
Tangible | Physical infrastructure | Uninterruptible power supplies | 3 |
Tangible | Physical infrastructure | Fire suppression systems | 3 |
Tangible | Physical infrastructure | Air conditioning systems | 3 |
Tangible | Physical infrastructure | Air filtration systems | 1 |
Tangible | Physical infrastructure | Other environmental control systems | 3 |
Tangible | Intranet data | Source code | 5 |
Tangible | Intranet data | Human resources data | 5 |
Tangible | Intranet data | Financial data | 5 |
Tangible | Intranet data | Marketing data | 5 |
Tangible | Intranet data | Employee passwords | 5 |
Tangible | Intranet data | Employee private cryptographic keys | 5 |
Tangible | Intranet data | Computer system cryptographic keys | 5 |
Tangible | Intranet data | Smart cards | 5 |
Tangible | Intranet data | Intellectual property | 5 |
Tangible | Intranet data | Data for regulatory requirements (GLBA, HIPAA, CA SB1386, EU Data Protection Directive, and so on.) | 5 |
Tangible | Intranet data | U.S. Employee Social Security numbers | 5 |
Tangible | Intranet data | Employee drivers' license numbers | 5 |
Tangible | Intranet data | Strategic plans | 3 |
Tangible | Intranet data | Customer consumer credit reports | 5 |
Tangible | Intranet data | Customer medical records | 5 |
Tangible | Intranet data | Employee biometric identifiers | 5 |
Tangible | Intranet data | Employee business contact data | 1 |
Tangible | Intranet data | Employee personal contact data | 3 |
Tangible | Intranet data | Purchase order data | 5 |
Tangible | Intranet data | Network infrastructure design | 3 |
Tangible | Intranet data | Internal Web sites | 3 |
Tangible | Intranet data | Employee ethnographic data | 3 |
Tangible | Extranet data | Partner contract data | 5 |
Tangible | Extranet data | Partner financial data | 5 |
Tangible | Extranet data | Partner contact data | 3 |
Tangible | Extranet data | Partner collaboration application | 3 |
Tangible | Extranet data | Partner cryptographic keys | 5 |
Tangible | Extranet data | Partner credit reports | 3 |
Tangible | Extranet data | Partner purchase order data | 3 |
Tangible | Extranet data | Supplier contract data | 5 |
Tangible | Extranet data | Supplier financial data | 5 |
Tangible | Extranet data | Supplier contact data | 3 |
Tangible | Extranet data | Supplier collaboration application | 3 |
Tangible | Extranet data | Supplier cryptographic keys | 5 |
Tangible | Extranet data | Supplier credit reports | 3 |
Tangible | Extranet data | Supplier purchase order data | 3 |
Tangible | Internet data | Web site sales application | 5 |
Tangible | Internet data | Web site marketing data | 3 |
Tangible | Internet data | Customer credit card data | 5 |
Tangible | Internet data | Customer contact data | 3 |
Tangible | Internet data | Public cryptographic keys | 1 |
Tangible | Internet data | Press releases | 1 |
Tangible | Internet data | White papers | 1 |
Tangible | Internet data | Product documentation | 1 |
Tangible | Internet data | Training materials | 3 |
Intangible | Reputation | | 5 |
Intangible | Goodwill | | 3 |
Intangible | Employee moral | | 3 |
Intangible | Employee productivity | | 3 |
IT Services | Messaging | E-mail/scheduling (for example, Microsoft Exchange) | 3 |
IT Services | Messaging | Instant messaging | 1 |
IT Services | Messaging | Microsoft Outlook® Web Access (OWA) | 1 |
IT Services | Core infrastructure | Active Directory® directory service | 3 |
IT Services | Core infrastructure | Domain Name System (DNS) | 3 |
IT Services | Core infrastructure | Dynamic Host Configuration Protocol (DHCP) | 3 |
IT Services | Core infrastructure | Enterprise management tools | 3 |
IT Services | Core infrastructure | File sharing | 3 |
IT Services | Core infrastructure | Storage | 3 |
IT Services | Core infrastructure | Dial-up remote access | 3 |
IT Services | Core infrastructure | Telephony | 3 |
IT Services | Core infrastructure | Virtual Private Networking (VPN) access | 3 |
IT Services | Core infrastructure | Microsoft Windows® Internet Naming Service (WINS) | 1 |
IT Services | Other infrastructure | Collaboration services (for example, Microsoft SharePoint®) | |