Information asset
Definition
Anything that has value to the organisation by virtue of the information it contains or the information function it performs. Includes data, software, hardware, services, people with specialist knowledge, and intangibles such as reputation. ISO/IEC 27005 defines it as anything that has value and that the organisation is obliged to protect.
Related terms
- Asset inventory (asset register)
- A structured record listing every information asset in scope, together with its owner, custodian, physical or logical location, classification level, criticality rating,...
- Asset owner
- The person or role accountable for ensuring an asset is appropriately classified, protected, and reviewed. The owner is typically a business manager...
- Classification tier
- A label assigned to an asset or data type indicating its sensitivity and the handling rules that apply. Common tiers are Public,...
- Threat
- A potential cause of an unwanted incident that could harm an asset. Threats may be natural (flood, fire), environmental (power failure), human...
- Vulnerability
- A weakness in an asset or in a control protecting that asset, which a threat could exploit to cause harm. Examples: an...
Explained in
- Risk Identification and Asset ClassificationAnything that has value to the organisation by virtue of the information it contains or the information function it performs. Includes data, software, hardware...