Information and Assets Valuation | CISSP Certification Training
Information and assets valuation is a major concept of CISSP certification and anyone looking forward towards attaining a Certified Information Systems Security Professional needs to understand this concept with in depth knowledge. Let’s discuss the same in this post.
The value placed on information is relative to the parties involved, what work was required to develop it, how much it costs to maintain, what damage would result if it were lost or destroyed, what enemies would pay for it, and what liability penalties could be endured. If a company does not know the value of the information and the other assets it is trying to protect, it does not know how much money and time it should spend on protecting them. While assigning values to assets, one needs to consider certain issues which are stated as below.
- Cost to acquire or develop the asset
- Cost to maintain and protect the asset
- Value of the asset to owners and users
- Value of the asset to adversaries
- Value of intellectual property that went into developing the information
- Price that others are willing to pay for the asset
- Cost to replace the asset if lost or damaged
- Operational and production activities that are affected if the asset is unavailable
- Liability issues if the asset is compromised
- Usefulness and role of the asset in the organization
Understanding the value of an asset is the first step to understanding what security mechanisms should be utilized and what funds should go toward protecting it.
Assets may be tangible like computers, facilities, supplies or it can be intangible like reputation, data, and intellectual property. It is usually harder to quantify the values of intangible assets, which may change over time. The value of an asset should reflect all identifiable costs that would arise if there were an actual impairment of the asset.
These were the basics on information and assets valuation. To know more about information and assets valuation, you can explore our training courses on Certified Information Systems Security Professional exam. Simplilearn offers extensive CISSP certification training
from expert tutors.