Information Asset Profiling

June 2005 • Technical Note

James F. Stevens Contributor Richard A. Caralli, Bradford J. Willke

In this 2005 report, the authors describe IAP, a documented and repeatable process for developing consistent asset profiles.

Publisher:

Software Engineering Institute

CMU/SEI Report Number

CMU/SEI-2005-TN-021

DOI (Digital Object Identifier):

10.1184/R1/6574418.v1

Subjects

Cyber Risk and Resilience ManagementCyber Risk and Resilience Management

Abstract

The steadily increasing technical and environmental complexity of today's globally networked economy presents many obstacles to organizations as they attempt to protect their information assets. Information assets are constantly processed and combined to form new information assets. The line between ownership and custodianship of information assets blurs as information freely flows throughout an organization and often crosses outside organizational boundaries to other entities such as partners, customers, and suppliers. The CERT Survivable Enterprise Management group at the Software Engineering Institute developed the Information Asset Profiling (IAP) process as a tool to help organizations begin to address these security challenges.

The authors describe IAP, a documented and repeatable process for developing consistent asset profiles. They also explain how the development of an information asset inventory using the IAP process provides a strong basis for organizations to begin to identify and address their information security needs.

Download PDF

Cite This Report

SEI

Stevens, James; Caralli, Richard; & Willke, Bradford. Information Asset Profiling. CMU/SEI-2005-TN-021. Software Engineering Institute, Carnegie Mellon University. 2005. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=7443

IEEE

Stevens. James, Caralli. Richard, and Willke. Bradford, "Information Asset Profiling," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Note CMU/SEI-2005-TN-021, 2005. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=7443

APA

Stevens, James., Caralli, Richard., & Willke, Bradford. (2005). Information Asset Profiling (CMU/SEI-2005-TN-021). Retrieved April 01, 2023, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=7443

CHI

James Stevens, Richard Caralli, & Bradford Willke. Information Asset Profiling (CMU/SEI-2005-TN-021). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2005. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=7443

MLA

Stevens, James., Caralli, Richard., & Willke, Bradford. 2005. Information Asset Profiling (Technical Report CMU/SEI-2005-TN-021). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=7443

BibTex

@techreport{StevensInformationAsset2005,
title={Information Asset Profiling},
author={James Stevens and Richard Caralli and Bradford Willke},
year={2005},
number={CMU/SEI-2005-TN-021},
institution={Software Engineering Institute, Carnegie Mellon University},
address={Pittsburgh, PA},
url={http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=7443} }

Ask a question about this Technical Note

Software Engineering Institute