identify assets and their criteria
For our risk analysis, we need a list of our assets on which an assessment needs to be performed and their security criteria.
Consider the following questions:
- What information assets are of most value to your organization?
- What information assets are used in day-to-day work processes and operations?
- What information assets, if lost, would significantly disrupt your or- ganization’s ability to accomplish its goals and contribute to achieving the organization’s mission?
- What information assets, if compromised, might contribute to harm being inflicted on the organization or people we care about?
- What other assets are closely related to these assets?
Edited by groente