# Data Inventory and Asset Register One-sentence definition: Authoritative records of information assets, locations, owners, and classifications. ## Key Facts - CMDB/asset tools track systems, datasets, flows, owners. - Discover shadow assets via scanning, CASB, and IAM analytics. - Include SaaS apps, mobile devices, and removable media. - Inventory feeds DLP, access reviews, and risk assessments. - Keep current through CI/CD hooks and procurement gates. - **Verify:** check official (ISC)² CBK and current exam outline. ## Exam Relevance - Choose methods to find unsanctioned data stores. **Mnemonic:** “You can’t protect what you don’t know.” ## Mini Scenario Q: Teams using rogue spreadsheets with PII—first step? A: Discover and register assets; apply classification and controls. ## Revision Checklist - List 4 inventory data points. - Name two discovery methods. - Link inventory to control selection. ## Related [[Information and Asset Ownership]] · [[Shadow IT and Unsanctioned Data Stores]] · [[Data Classification Levels and Handling Rules]] · [[Data Loss Prevention (DLP)]] · [[CASB and SSPM/CSPM Overview]] · [[Domain 2 - Index]]