In information security, computer security and network security, an asset is any data, device, or other component of the environment that supports information-related activities. Assets generally include hardware (e.g. servers and switches), software (e.g. mission-critical applications and support systems) and confidential information. Assets should be protected from illicit access, use, disclosure, alteration, destruction, and/or theft, any of which results in loss to the organization. ["An Introduction to Factor Analysis of Information Risk (FAIR)", Risk Management Insight LLC, November 2006]
The CIA triad
The goal of information security is to ensure the confidentiality, integrity and availability (CIA) of assets in the face of various threats. For example, a hacker might attack a system in order to steal credit card numbers by exploiting a vulnerability. Information security experts must assess the likely impact of an attack and employ appropriate countermeasures. [IETF] In this case they might put up a firewall and encrypt the stored credit card numbers.
Risk analysis
When performing risk assessment, it is important to weigh how much to spend protecting each asset against the cost of losing the asset. It is also important to take into account the chance of each loss occurring. Intangible costs must also be factored in. If a hacker makes a copy of all of a company's credit card numbers, it costs the company nothing directly, but the loss in fines and reputation can be enormous.
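The weighing described above can be made concrete with a simple annualized-loss model (single loss expectancy times annual probability, with intangible costs added to the direct cost). This is an added illustration, not part of the article or of the FAIR method it cites; the asset figures, control cost and probabilities are constructed, not taken from any real incident.

```python
from dataclasses import dataclass


@dataclass
class AssetRisk:
    """Constructed sample: one asset and one loss scenario against it."""
    name: str
    direct_loss: float         # direct cost of one loss event (replacement, recovery)
    intangible_loss: float     # fines, legal costs and reputation damage per event
    annual_probability: float  # chance the loss occurs in a given year (0..1)

    def single_loss_expectancy(self) -> float:
        # Cost of one loss event, direct and intangible costs combined.
        return self.direct_loss + self.intangible_loss

    def annualized_loss_expectancy(self) -> float:
        # Expected yearly loss: cost of one event weighted by its likelihood.
        return self.single_loss_expectancy() * self.annual_probability


def countermeasure_net_benefit(risk: AssetRisk, annual_cost: float,
                               residual_probability: float) -> float:
    """Yearly benefit of a control: expected loss avoided minus what the control costs.

    residual_probability is the assumed chance of loss once the control is in place.
    """
    if not 0.0 <= residual_probability <= risk.annual_probability:
        raise ValueError("residual probability must lie between 0 and the current probability")
    before = risk.annualized_loss_expectancy()
    after = risk.single_loss_expectancy() * residual_probability
    return before - after - annual_cost


def worth_deploying(risk: AssetRisk, annual_cost: float, residual_probability: float) -> bool:
    # Spend on protection only while the avoided loss exceeds the control's cost.
    return countermeasure_net_benefit(risk, annual_cost, residual_probability) > 0


# The article's credit-card scenario with constructed numbers: copying the numbers
# costs the company nothing directly, but fines and reputation damage are large.
CARD_DATABASE = AssetRisk(name="customer credit card numbers", direct_loss=0.0,
                          intangible_loss=2_000_000.0, annual_probability=0.10)

if __name__ == "__main__":
    print(f"ALE without controls: {CARD_DATABASE.annualized_loss_expectancy():,.0f}")
    # Assumed: firewall plus encryption costs 50,000/year and cuts the probability to 1%.
    print("firewall + encryption worth it:", worth_deploying(CARD_DATABASE, 50_000.0, 0.01))
    # A control costing more than the entire expected loss cannot pay for itself.
    print("overpriced control worth it:", worth_deploying(CARD_DATABASE, 250_000.0, 0.0))
```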
See also
* Countermeasure (computer)
* Factor analysis of information risk
* Information security management
* IT risk
* Risk factor
* Risk management