identify assets and their criteria

For our risk analysis, we need a list of our assets on which an assessment needs to be performed and their security criteria.

Consider the following questions:

• What information assets are of most value to your organization?
• What information assets are used in day-to-day work processes and operations?
• What information assets, if lost, would significantly disrupt your or- ganization’s ability to accomplish its goals and contribute to achieving the organization’s mission?
• What information assets, if compromised, might contribute to harm being inflicted on the organization or people we care about?
• What other assets are closely related to these assets?