This article is for IT managers, information and cybersecurity security managers.
Definition of Information Assets
Primary information assets are the data, information and knowledge that an organization needs to run its operations and making decisions. They are always somewhere stored, processed or provided either by software, or on paper or in people's minds. When primary assets are disrupted, the organization cannot run and making decision and management cannot take place.
- it is controlled and organized collection of data, information or knowledge that has value to the organization
- primary assets depends on support assets
- primary assets are only available if the supporting assets are available and working
See here how to identify data information assets and their examples
Examples and types of information assets
Each organization has a different list of its information assets, depending on its line of business. However, you won't go wrong if you start from the following list, where most companies will hit:
- Your business data, orders, project data etc
- Customer Databases: Contain vital details about clients, such as contact information and purchase history.
- Financial Records: Include balance sheets, income statements, and tax documents.
- Employee Records: Personal details, performance reviews, and payroll information.
- Research and Development Data: Innovations, experiment results, and product development plans.
- Your know-how
- Product data: production SOP, technologies (e.g. recipe, source code)
- Login data (for banking, other systems)
- All information marked as confidential
Why you need to know your information assets
- The determination of information assets is the first step of information security risk analysis
- Together with threats and vulnerabilities, they help identify risks
- How to identify information assets see here.
How to keep information assets inventory
- How to keep a catalog of information assets see here
- For the purposes of complying information security standards such ISO 27 000 or NIS2, you must also keep the dependencies between information and supporting IT assets.