How is Asset tagging within Qualys used at UIC?

Overview

With Qualys, Asset Tags are how we organize our assets for easy sorting, and to be able to view them in the Global IT Asset View easily.

Technology Solutions has created a naming convention for UIC's tagging scheme, with examples of each. This list is a sampling of the types of tags to use and how they can be used. It is not a comprehensive list and units may contact the Security team to discuss creating their own tags as needed.

Example tags in Technology Solutions naming convention

Business Units

The top-level of our users. All Assets will belong to a Business Unit which corresponds to the unit that owns it. All Business Units will have a prefix of 'BU-".

  • BU-COM
  • BU-LAS
  • BU-ACCC

Asset Groups

This defines a group of assets within a Business Unit.  All asset groups will have a prefix of  'AG-'.

  • AG - ACCC
  • AG - Pharmacy Chicago
    • AG- Pharmacy Chicago Static NAT’s

Asset Types

Identifies the type of asset. This allows you to sort your assets quickly. All asset types with have a prefix of 'Type-".

  • Type-Domain Controller
  • Type-ESX Server
  • Type-Server
  • Type-Workstation

Operating Systems

All Operating systems will have a prefix of "OS-".

  • OS-MacOS
  • OS-RHEL 7.x
  • OS-Ubuntu
  • OS-Windows 10
  • OS-Windows Server 2012
  • OS-Windows Servers (ALL)

Data Type

This allows us to organize potentially sensitive data. All data type tags will have a prefix pf “Data-

  • Data-FERPA
  • Data-PHI
  • Data-SSN

Data Classification

How is the data on this asset classified? All data  classification tags will have a prefix of “Class-

  • Class-High-Risk
  • Class-Sensitive
  • Class-Internal

With these asset tags applied to the assets that are added into Qualys, each unit can organize their assets and data related to these assets in order to better use the Qualys system.