In information security, computer security and network security, an asset is any data, device, or other component of the environment that supports information-related activities. Assets generally include hardware (e.g. servers and switches), software (e.g. mission critical applications and support systems) and confidential information.[1][2] Assets should be protected from illicit access, use, disclosure, alteration, destruction, and/or theft, resulting in loss to the organization.[3]
When performing risk assessment, it is important to weigh how much to spend protecting each asset against the cost of losing the asset. It is also important to take into account the chance of each loss occurring. Intangible costs must also be factored in. If a hacker makes a copy of all a company's credit card numbers it does not cost them anything directly but the loss in fines and reputation can be enormous.
^ISO/IEC 13335-1:2004 Information technology -- Security techniques -- Management of information and communications technology security -- Part 1: Concepts and models for information and communications technology security management
^. Archived from the original on 2012-02-29. Retrieved 2010-11-21.
^"An Introduction to Factor Analysis of Information Risk (FAIR)", Risk Management Insight LLC, November 2006 2014-11-18 at the Wayback Machine;
asset, computer, security, other, uses, asset, disambiguation, information, security, computer, security, network, security, asset, data, device, other, component, environment, that, supports, information, related, activities, assets, generally, include, hardw. For other uses see Asset disambiguation In information security computer security and network security an asset is any data device or other component of the environment that supports information related activities Assets generally include hardware e g servers and switches software e g mission critical applications and support systems and confidential information 1 2 Assets should be protected from illicit access use disclosure alteration destruction and or theft resulting in loss to the organization 3 Contents 1 The CIA triad 2 Risk analysis 3 See also 4 References 5 External linksThe CIA triad editThe goal of information security is to ensure the confidentiality integrity and availability CIA of assets from various threats For example a hacker might attack a system in order to steal credit card numbers by exploiting a vulnerability Information Security experts must assess the likely impact of an attack and employ appropriate countermeasures 4 In this case they might put up a firewall and encrypt their credit card numbers Risk analysis editWhen performing risk assessment it is important to weigh how much to spend protecting each asset against the cost of losing the asset It is also important to take into account the chance of each loss occurring Intangible costs must also be factored in If a hacker makes a copy of all a company s credit card numbers it does not cost them anything directly but the loss in fines and reputation can be enormous See also editCountermeasure computer Factor analysis of information risk Information security management IT risk Risk factor Risk managementReferences edit ISO IEC 13335 1 2004 Information technology Security techniques Management of information and communications technology security Part 1 Concepts and models for information and communications technology security management ENISA Glossary Archived from the original on 2012 02 29 Retrieved 2010 11 21 An Introduction to Factor Analysis of Information Risk FAIR Risk Management Insight LLC November 2006 Archived 2014 11 18 at the Wayback Machine IETF RFC 2828External links editFISMApedia TERM Retrieved from https en wikipedia org w index php title Asset computer security amp oldid 1137235888, wikipedia, wiki, book, books, library,
