Overview of asset security - information and asset classification

Asset protection forms the baseline for security. Unintended disclosure, unauthorized modification, or destruction of an asset can affect security. In other words, confidentiality, integrity, and/or availability requirements will be affected.

As covered in Chapter 1, Day 1 – Security and Risk Management - Security, Compliance, and Policies, assets are grouped based on their type, such as physical, hardware, information, and so on. Similarly, assets are further classified based on their value and sensitivity. Value can be monetary or based on other qualitative factors, such as loss in terms of people, property, or image. Sensitivity is based on confidentiality factors and the effect of disclosure to national security. For corporations, sensitivity is based on the extent of the loss of corporate image.

Observe the following illustration: