Asset Classification Inventory Spreadsheet Report

Application Information Sensitivity Potential Loss Impact User Access Controls Asset Classification
How do
Can Users View
Asset Users
or edit sensitive
Classification Sensitive Information Type Access the Access Control User Identity Proofing
Data? Confidentiality Integrity Availability User Credential Types Restricted Confidential Internal Public
(check all that (check all that apply) system? Platform (Level of Assurance)
(e.g. PII, BII,
apply) (check all
Confidential)
that apply)

Collected and Verified (Ask from users to verify and validate authentication & authorization)
Employee

Collected (Ask from User to verify authorization)

performance Company

Level 4: Collected (in-person) and Verified

Merger and
evaluations, telephone
acquisition

No Identity Proofing (Single Sign on)

customer directory,

Knowledge-based Authentication
documents,
transaction data, dial-up

ID and SMS or Authenticator

corporate level product and

CNIC / Passport / Tax No.

Web based / Public URL

strategic alliance computer

Extranet (VPN, Token)

Criminal Investigation
S.No Application Description Custodian Owner Department strategic plans, service

Personal Identifiable

One Time Password

agreements, access

Business / Official
Personal Financial
National Security

Personal Medical

Social Security #

Remote Desktop
litigation brochures,

Custom (Code)

and hard token

and biometrics
and soft token
unpublished numbers,

ID/Password

ID/Password

ID/Password

ID/Password
strategy advertiseme

Moderate

Moderate

Moderate
Sensitive
internally new

Internet
Intranet

Level 1:

Level 2:

Level 3:
Secure
Public
memos, reports nts, job

Other

Other

Other
High

High

High

VPN
Low

Low

Low
Yes/No generated market employee
on opening
research, training
breakthrough announcem
computer materials,
new product ents, and
passwords, internal
research, and press
identity token company
Trade Secrets releases
personal portals and
such as certain
identification internal
computer
numbers (PINs), policy
programs
and internal audit manuals
reports

1 Exchange email Communications Platform Infrastructure IT All X X X X X X X X X No X X X X X X X X X

2 Network shares File storage Infrastructure IT All X X X X X X X X X X X Yes X X X X X X X X X X X X X
3 Capital Asset Inventory DB for capital assets Database Team IT Finance X X No X X X X X X X X X

General Ledger, HR,

4 AUC/Admins Revenue Collection, Voter Database Team IT Multiple departments X X X X X X X X X Yes X X X X X X X X X X
Reg DB.

Recreation program
5 talentandacquisition.com IT Marketing Senior Center & Rec X X X X X X X X Yes X X X X X X X X X X
platform

Online Background Check Background check

6 Third Party Corporate Banking Recreation X X X X X X X Yes X X X X X X X X
DB database
7 Public website Public facing website Third Party Marketing Multiple departments X X No X X X X X X X X
8 Firehouse Incident reporting DB SOC Information Security Fire Marshal X X X X X X Yes X X X X X X X X
Building, Planning,
9 GeoTMS Permitting platform Development Team IT X X No X X X X X X X X
Engineering
10 Gmail Email system for Library Infrastructure IT Library X X X No X X X X X X X X

11 Teamviewer/Logmein Remote access Infrastructure IT Multiple departments X X X Yes X X X X X X X X X

12 Persona locks Security software IT Admin Public Works X X No X X X X X X X X
13 Mobotix cameras Camera software IT Admin Public Works X X X Yes X X X X X X X X X
14 Banking Portal Comp portal Development Team IT Town manager X X X X X X Yes X X X X X X X X
15 Online Web Banking Online banking Infrastructure IT Finance X X Yes X X X X X X X X X
16 Invoice Cloud Online tax collection Third Party IT Revenue X X X X Yes X X X X X X X X
State PD Background Background check
17 Third Party HR HR X X X X X X X Yes X X X X X X X X
Check database
18 Social media Twitter/Facebook Third Party Marketing Multiple departments X X X No X X X X X X X
 Severity
6 5 4 3 2 1
Probability

6 36 30 24 18 12 6
5 30 25 20 15 10 5
4 24 20 16 12 8 4
3 18 15 12 9 6 3
2 12 10 8 6 4 2
1 6 5 4 3 2 1

Very High 17 - 36 Probability

High 10 - 16 Likelihood of failure Defination
Medium 5-9 6 Almost certain Once in a week
Low 1-4 5 Highly probable Once in a Month
4 Probable Once in a quarter
3 Cloud Occur Once in a year
2 May Happen Once in half year
1 Unlikely Very low or no probability

Severity
consequences of failure Defination
6 Major Loss of Production and access
5 Significant Limited capability and visibility of the critical asset
4 Important Need to execute DR
3 Notable Restore from backup,
2 Minor Change of Hard drive, RAM
1 Very Minor System reboot, UPS fail, NIC Card Failure
Department/Agency: Sensitivity Potential Loss Impact Us
Can Users View or
How do Users Access the
Data Classification Data Type edit sensitive Data? Access Control
Application Description Confidentiality Integrity Availability system?
(check all that apply) (check all that apply) (eg PII, BII, Platform
(check all that apply)
Confidential)

Sensitive (PII/Confidential)

Personal Identification

Criminal Investigation

Homeland Security
Personal Financial
(Agency Support)

Personal Medical

Social Security #

NJ State Portal
(Core Mission)

Public Safety/
Non-sensitive

GoToMyPC
Moderate

Moderate

Moderate
Sensitive

Sensitive

Extranet
Internet

Intranet
High

High

High

VPN
Low

Low

Low
Yes/No

Energy Supplemental Program Solar energy program for NJ households Yes Yes Yes Yes Yes Yes Yes Yes
 Application

Energy Supplemental Program

Department/Agency:

Description
Platform

Solar energy program for NJ households Yes

Access Control

Custom (Code)

Other

Level 1:
No Identity Proofing
Yes

Level 2:
Collected

Level 3:
Collected and Verified
User Access Controls

(Level of Assurance)
User Identity Proofing

Level 4: Collected (in-person) and

Verified
Yes

Knowledge-based Authentication

ID/Password

ID and SMS
One Time Password

ID/Password
and soft token

ID/Password
and hard token
User Credential Types

ID/Password
and biometrics

Other