IT Security Information - IT Asset Inventory

Last Updated: 05/01/2017

Background and Policies

One of the most important steps in IT management and IT security is understanding what physical and virtual IT assets an organization owns and manages.  A good inventory provides information that is useful to daily system management, business office asset tracking, and security incident response.  The University of Colorado has also developed a system-wide policy that requires departments to maintain IT asset inventories which can be found here:

IT Security Program Policy

Asset inventory guidance

To assist in the process of creating IT asset inventories, the IT Security Office has created the following guidance documents and templates for both departments with existing inventories and departments that are creating one for the first time.  

Departments undertaking an IT asset inventory for the first time should read this document discussing the process in general, as well as the specific campus needs: Asset inventory guidance for departments without an existing inventory

Departments looking to augment an existing inventory and learn about new requirements should read this document: Asset inventory guidance for departments with existing inventories

Inventory templates

The following two templates are referenced in the guidance documents and can be used to build an asset inventory.

Helpful tools

To assist departments in locating files containing social security numbers or credit card numbers, OIT provides Identity Finder for Windows and Macintosh, and recommends University of Texas's SENF for Linux.  You can find out more here:

highly confidential data Search Software

  • Identity Finder - Recommended tool for Windows and Macintosh.
  • SENF - Recommended tool for Linux

Highly Confidential Data reference guides

These quick reference guides help departments make decisions on how to handle highly confidential data they have identified within their department.