Professional Documents
Culture Documents
Approved by:
NAME <date of approval>
TITLE
FEWA Internal
Page 2 of 11 Version 1.0
Table of Contents
1 OBJECTIVE .................................................................................................................................... 4
2 SCOPE AND APPLICABILITY ........................................................................................................... 4
3 POLICY .......................................................................................................................................... 5
3.2 RESPONSIBILITY FOR ASSETS POLICIES ................................................................................................. 6
3.3 INVENTORY OF ASSETS..................................................................................................................... 6
3.4 ASSET CATEGORIES ......................................................................................................................... 7
3.5 ACCEPTABLE/GENERAL USE: ............................................................................................................ 8
3.6 UNACCEPTABLE USE: ...................................................................................................................... 8
3.7 PROTECTION................................................................................................................................ 10
4 COMPLIANCE .............................................................................................................................. 11
5 RELATED DOCUMENTS ................................................................................................................ 11
FEWA Internal
Page 3 of 11 Version 1.0
1 Objective
To ensure that all information assets of FEWA are identified, inventoried, and
assigned owners;
Ensure that appropriate handling procedures are implemented for the information
categories
To ensure that the criticality of each asset to FEWA's business purposes (i.e., goals
and objectives) is known and that the asset is appropriately managed and protected
throughout its lifecycle.
Inventory and classify all assets to ensure appropriate protections according to their
classification.
Define roles and responsibilities to achieve and maintain appropriate protection of
the FEWAs assets.
Prevent unauthorized disclosure, modification, removal, or destruction of
information assets that could impact availability, integrity, and confidentiality.
This policy applies to all FEWA information/data, including (but not limited to) all services,
processes, systems, assets and components managed by Information and Communication
Technology and Operation Technology Departments.
FEWA Internal
Page 4 of 11 Version 1.0
3 Policy
FEWA Internal
Page 5 of 11 Version 1.0
3.1.1 Secure log-on procedures shall be in place, taking into consideration following
requirements:
Warning banners.
Protection against brute force.
FEWA Internal
Page 6 of 11 Version 1.0
3.3.4 Maintenance of the information asset inventory shall be facilitated in accordance
with the change management and risk management processes, to address accurate
updates of the entitys information asset inventory list.
3.3.5 Change management, risk management, resource management and business
continuity plans shall take into consideration an assets criticality/business relevance.
3.3.6 Ownership, Responsibility and Accountability of assets shall be established:
Information Asset Owners/Systems Administrator of assets such as
Hardware, Software, Data Stores shall be identified and shall be
accountable for the asset.
All stakeholders involved in the asset management lifecycle shall be made
aware of, and have access to, the asset management policy, processes and
procedures in place.
Asset owner/Systems Administrator shall ensure all assets are properly
inventoried, classified, securely protected and reviewed.
Asset owner shall ensure secure handling when the asset is
decommissioned or destroyed.
Asset owner/Systems Administrator shall also be responsible for:
Approving access to the asset.
Approving and reviewing security measures for assets.
Recommending additional controls or advising against controls in
light of system criticality and cybersecurity risk.
Ensuring all legal requirements related to the asset are met.
FEWA Internal
Page 7 of 11 Version 1.0
Physical Assets / Infrastructure
Information Softcopy
Information - Hardcopy
Software
Services
Personnel
FEWA Internal
Page 8 of 11 Version 1.0
installation or distribution of "pirated" or other software products
that are not appropriately licensed for use by FEWA.
Unauthorized copying of copyrighted material and the installation
of any copyrighted software for which FEWA does not have license
is strictly prohibited.
Introduction of malicious programs into the network or server (e.g.,
viruses, worms, Trojan horses, etc.).
Revealing account password to others or allowing use of your
account by others. This includes employees who are not a custodian
of the system.
Security breaches include, but are not limited to, accessing data of
which the employee is not an intended recipient or logging into a
FEWA Internal
Page 9 of 11 Version 1.0
server or account that the employee is not expressly authorized to
access, unless these duties are within the scope of regular duties.
Circumventing user authentication or security of any host, network
or account. o Interfering with, or denying service to, any user in
computers (for example, denial of service attack).
Using any program/script/command, or sending messages of any
kind, with the intent to interfere with, or disable, via any means,
locally or via Network.
Printers shall not be used for printing personal documents and shall
not be shared with other business systems.
System display screens/monitors shall be used only for their
intended purpose. Any input facility (USB, Speaker, etc.) on the
screen shall not be used.
Bringing your own device (BYOD) and personal equipment.o
Sharing critical/sensitive system information to others without
approval.
3.7 Protection
FEWA assets and organizational records shall be protected from loss,
destruction and unauthorized access.
The media for storage of records should be accordingly identified to
safeguard against loss of data.
FEWA Internal
Page 10 of 11 Version 1.0
4 Compliance
5 Related Documents
FEWA Internal
Page 11 of 11 Version 1.0