One very neglected aspect of managing one's personal belongings is maintaining an inventory. We tend to know by heart what kind of assets we have - at least those with the highest importance.
When it comes to knowing your informational assets, things can easily get blurry, which is why an information asset inventory is helpful. In this current age, we tend to amass a lot of information in various formats - be it photos, text files with passwords in them, copies of our passports, receipts, contracts, work documents and so on.
It gets even more complicated when we need to share these assets with various parties through various mediums. This ends up with people having files spread out across USB sticks, cloud storage providers, their own computers and other people's computers (cloud included) - ultimately not knowing what they have or where they have it.
To get an idea of where my informational assets are and how I'm handling them, I've started an inventory based on the steps below.
1. List all known devices and storage mediums (be it locally stored, cloud based or paper based)
It makes it easier when all of these are labeled and organized, giving you an easy start.
Note - There might be cases where you have some forgotten cloud storage accounts that you haven't used in years.
Example - HDD from your laptop, external HDD, USB sticks, cloud storage accounts, CDs/DVDs, file cabinets etc.
2. List what kind of information you have on all storage mediums
Simply start by listing all informational assets (all files and documents) that have a certain value to you. This value can come in various forms - files that you used for work, that you shared with other people, or that you need to keep for any reason imaginable.
Example - emails, credentials (usernames and passwords), work related files, contracts, receipts, photos, diplomas etc.
By going through the list of storage mediums, you can quickly identify things like duplicate and outdated files.
Listing and (re)structuring your files in a way that makes sense to you will also help you keep proper track of them.
Note - This is very subjective. The way you organize your files depends on how you see your "world" organized.
Example - payslips from your employer can be either considered a "financial document" or a "job-specific document".
3. Identify the way you interact with them
For virtual assets, this means listing the applications that interact with them.
Example - For emails you probably use a desktop client like Thunderbird or the web client (e.g. mail.google.com) through a browser like Chrome.
This will give you a good idea of which applications you depend on and will help to assess the risk later on.
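The following Python example is added here and is not from the original post: it walks each storage medium you list in step 1, records one inventory row per file for step 2, and groups files with identical content so duplicates across mediums stand out. The medium labels, the row field names and the temporary folders used in `demo()` are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large photos or archives do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_inventory(media):
    """media maps a label you chose (e.g. 'usb-stick') to a mounted root path."""
    rows = []
    for label, root in media.items():
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                if os.path.islink(path):
                    continue  # do not follow links that point off the medium
                st = os.stat(path)
                # "modified" is seconds since the epoch; sort on it to spot old copies
                rows.append({"medium": label, "path": os.path.relpath(path, root),
                             "size": st.st_size, "modified": st.st_mtime,
                             "sha256": sha256_of(path)})
    return rows


def find_duplicates(rows):
    """Group rows by content hash; keep hashes seen in more than one place."""
    by_hash = defaultdict(list)
    for row in rows:
        by_hash[row["sha256"]].append((row["medium"], row["path"]))
    return {h: sorted(locs) for h, locs in by_hash.items() if len(locs) > 1}


def demo():
    """Constructed sample: two temp folders stand in for a laptop and a USB stick."""
    with tempfile.TemporaryDirectory() as laptop, tempfile.TemporaryDirectory() as usb:
        for root, name, data in [(laptop, "passport.pdf", b"scan"),
                                 (usb, "passport_copy.pdf", b"scan"),
                                 (laptop, "payslip.pdf", b"2023-01")]:
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        rows = build_inventory({"laptop-hdd": laptop, "usb-stick": usb})
        return rows, find_duplicates(rows)
```

To use it on real storage, call `build_inventory` with your own labels and mount points; files are matched by content, so a renamed copy of a passport scan on a USB stick is still reported next to the original.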
Creating this inventory can be more tangible by using a template. The ones mentioned below contain attributes not mentioned in this post but can be very relevant for future reference.
- available in Google Sheets format to use in Google Drive - access here
- in .ODS format to use with Office software - download here
After identifying information assets, the next step is to understand how to classify them based on sensitivity and type. This tells you how the data should be handled and what kind of expectations should be set for companies that are processing the data.