Asset (computing)

In information security, computer security and network security, an asset is any data, device, or other component of the environment that supports information-related activities. Assets generally include hardware (e.g. servers and switches), software (e.g. mission critical applications and support systems) and confidential information (ISO/IEC 13335-1:2004 Information technology -- Security techniques -- Management of information and communications technology security -- Part 1: Concepts and models for information and communications technology security management). Assets should be protected from illicit access, use, disclosure, alteration, destruction, and/or theft, any of which results in loss to the organization ("An Introduction to Factor Analysis of Information Risk (FAIR)", Risk Management Insight LLC, November 2006).


The CIA triad

The goal of information security is to ensure the confidentiality, integrity and availability (CIA) of assets from various threats. For example, a hacker might attack a system in order to steal credit card numbers by exploiting a vulnerability. Information security experts must assess the likely impact of an attack and employ appropriate countermeasures (IETF). In this case they might put up a firewall and encrypt their credit card numbers.


Risk analysis

When performing risk assessment, it is important to weigh how much to spend protecting each asset against the cost of losing the asset. It is also important to take into account the chance of each loss occurring. Intangible costs must also be factored in. If a hacker makes a copy of all of a company's credit card numbers, it does not cost the company anything directly, but the loss in fines and reputation can be enormous.
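The weighing described above can be made concrete with a small model. The following is an added example, not part of the original article: it assumes expected annual loss is (direct + intangible loss) times the yearly probability, that a control removes a fixed fraction of that probability, and all names and figures are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Asset:
    name: str
    direct_loss: float         # immediate cost of one incident
    intangible_loss: float     # fines and reputation damage per incident
    annual_probability: float  # chance of the loss occurring in a year

    def expected_annual_loss(self) -> float:
        return (self.direct_loss + self.intangible_loss) * self.annual_probability

@dataclass
class Control:
    name: str
    annual_cost: float
    risk_reduction: float      # assumed fraction of the probability removed, 0..1

def net_benefit(asset: Asset, control: Control) -> float:
    """Expected loss avoided per year minus what the control costs per year."""
    return asset.expected_annual_loss() * control.risk_reduction - control.annual_cost

def justified_controls(asset, controls):
    """Names of controls that cost less than the loss they avoid, best first.
    Each control is judged on its own; combined effects are not modelled."""
    scored = sorted(((net_benefit(asset, c), c.name) for c in controls), reverse=True)
    return [name for benefit, name in scored if benefit > 0]

# Constructed figures for illustration only.
CONTROLS = [Control("firewall", 20_000, 0.4), Control("encryption", 30_000, 0.8)]
CARD_DB = Asset("credit card database", 0, 2_000_000, 0.05)
CARD_DB_DIRECT_ONLY = Asset("credit card database", 0, 0, 0.05)
TEST_SERVER = Asset("test server", 5_000, 0, 0.10)

if __name__ == "__main__":
    for asset in (CARD_DB, CARD_DB_DIRECT_ONLY, TEST_SERVER):
        print(asset.name, asset.expected_annual_loss(), justified_controls(asset, CONTROLS))
```

With the intangible loss left out, the card database has an expected loss of zero and no control appears worth buying, which is the mistake the paragraph warns against.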


See also

* Countermeasure (computer)
* Factor analysis of information risk
* Information security management
* IT risk
* Risk factor
* Risk management


External links


FISMApedia TERM