CIR RAR-BIA Identification of Organisational Assets

Written by Moh Heng Goh | Nov 10, 2022 12:31:13 PM

Identification of Organisational Assets

1. Definition of Asset

A component within an organization that has value contributes to business operations (Goh, 2008a) or the operational mission of the business units. Therefore, an appropriate level of protection for the assets within an organization is warranted. Such assets include:

Employees;
Information/Data;
Facilities/ Equipment;
Documents/Publications;
Infrastructure;
Goodwill
Finances; and
Organizational Image.

2. Identifying Information Assets

An Information Asset is organized information that is valuable to those who need it. It needs to be assessed easily. Information Assets comprise a wide range of products, services, and process information and are identified in Figure 6-2. Information Assets can be categorized as:

Data and information;
Network;
Hardware; and
Software and application.

Figure 1: Types of Information Assets

Figure 2: Examples of Each Type of Information Asset

An organization must identify what it is they are trying to protect from the influence of cybercriminals.

Figure 1 and 2 concentrate explicitly on identifying information assets since the key is to focus on managing cyber security incidents affecting these assets.

The list of information assets is non-exhaustive; the amount and type of information assets depend on what an organization’s business functions would require.

Back To

Do You Want to Continue BCM Training onsite or online?

Competency-based Course		Certification Course

Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.

Reference: Chapter 6 Risk Analysis and Review and Business Impact Analysis 6.5 Identification of Organisational Assets

Note: This version was the draft 2nd Edition being updated by 2023. The numeric in the square bracket [X.X] cross-refers to the actual chapter and section in the 1st Edition.

View full post