Information Asset Profiling

Abstract

The steadily increasing technical and environmental complexity of today's globally networked economy presents many obstacles to organizations as they attempt to protect their information assets. Information assets are constantly processed and combined to form new information assets. The line between ownership and custodianship of information assets blurs as information freely flows throughout an organization and often crosses outside organizational boundaries to other entities such as partners, customers, and suppliers. The CERT Survivable Enterprise Management group at the Software Engineering Institute developed the Information Asset Profiling (IAP) process as a tool to help organizations begin to address these security challenges. The authors describe IAP, a documented and repeatable process for developing consistent asset profiles. They also explain how the development of an information asset inventory using the IAP process provides a strong basis for organizations to begin to identify and address their information security needs.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jun 01, 2005
Accession Number
ADA441305

Entities

People

  • Bradford J. Willke
  • James F. Stevens
  • Richard A. Caralli

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Biomedical
  • Cyber

DTIC Thesaurus Topics

  • Boundaries
  • Commerce
  • Contractors
  • Cybersecurity
  • Engineering
  • Governments
  • Information Security
  • Information Systems
  • Intellectual Property
  • Law
  • Personnel Management
  • Risk
  • Risk Analysis
  • Risk Management
  • Security
  • Software Development
  • Vulnerability

Readers

  • Cybersecurity.
  • Organizational Process Management (OPM).
  • Strategic Security Studies