Examples would be computers, phones, servers, fax machines, paper, flash drives/removable media, etc.
A good rule of thumb is that if it contains client or business proprietary data, then it should be considered an information asset.
In addition assign an owner, generally a department head, for every asset.
Classify Information Assets Once you have identified the assets, you need to classify them in a level of importance.
Keep your classification system simple with High, Medium, and Low.
Business Security Plan Book Report For Fourth Grade
Assets that contain client information or proprietary company information would obviously have the highest level of importance while assets that contain company marketing information might be given a low classification.
You first need to determine the threat, vulnerability, and impact (TVI) on each individual asset or class of asset.
The threat to the asset would list the different reasons/methods of how the asset could fail.
Once you have identified your information assets, then you will need to tag and inventory the assets.
It can be as simple as using the serial number and description of the asset and inventorying it in an excel spreadsheet to barcoding and tagging each asset and inventorying in a database.