This article is for Risk Managers
Definition of Assets in Risk Management
An asset is anything of value or importance to an organization that must be protected. Assets are its resources or other values that any business must have in order to function. It does not matter whether the asset is tangible or intangible.
- Assets include resources or other valuable items essential for a business to function.
- Assets are risk sources
- Assets can be either tangible or intangible.
Types of Assets in Risk Management:
- Physical Assets: Buildings, equipment, machinery, and infrastructure.
- Human Assets: Employees, contractors, and their skills, expertise, and health.
- Information Assets: Data, intellectual property, trade secrets, and proprietary processes.
- Reputational Assets: Brand equity, customer trust, and public perception.
- Financial Assets: Cash, investments, and accounts receivable.
- Technological Assets: IT systems, software, and networks.
- Services: e.g. electricity supply, cloud services
Why protect business assets, what problems and risks can arise
To run the business is the importance of assets mainly determined by the availability and the quality. The practice distinguishes three basic types of risks and problems that damage risks can cause:
- The unavailability or loss of an asset means that the asset simply does not exist and therefore the processes cannot function
- Damage to an asset means that its quality is reduced, which means that the process or decision making is bad
- Misuse of an asset means that it can be used by a competitor or an attacker
Each asset has different importance and criticality to the organization
Understandably, each asset has a different importance and criticality depending on how significant an impact the failure of the given asset has on the running the business. The importance of an asset to an organization is most often assessed on four levels.
- Critically important assets are those whose unavailability leads to immediate serious impacts on the organization, endangering the operation and day-to-day run. For example, it can stops the production.
- Highly important assets - unavailability means serious harm, but will not threaten the existence or operation of the company on a daily basis
- Medium important assets, their loss results in minor damage that can be easily fixed
- Low importance assets, their loss is at the level of discomfort but does not affect the company's operation
Assets from a risk management, security and operational perspective
- since assets are important to the running the business, they must be adequately protected so that the organization does not lose them
- the unavailability or limitation of an asset may endanger or limit the running of business processes
- threats to the assets means that they are a source of risk
- the goal of risk management is to protect assets from them
- every asset has some weaknesses and vulnerabilities that increase the risks