Information security is the preservation of the confidentiality, integrity, and availability of assets. Assets have intrinsic value to the business and are classified into various types. The type of asset and its value are used to determine the required level of security assurance.
This chapter provides an overview of asset security. The concepts and techniques that pertain to information assets are covered in detail throughout this chapter. Data security concepts and controls are also covered in detail using suitable illustrations and examples.
This chapter covers the following:
Asset protection forms the baseline for security. Unintended disclosure, unauthorized modification, or destruction of an asset can affect security. In other words, confidentiality, integrity, and/or availability requirements will be affected.
As covered in Chapter 1, Day 1 – Security and Risk Management - Security, Compliance, and Policies, assets are grouped based on their type, such as physical, hardware, information, and so on. Similarly, assets are further classified based on their value and sensitivity. Value can be monetary or based on other qualitative factors, such as loss in terms of people, property, or image. Sensitivity is based on confidentiality factors and the effect of disclosure on national security. For corporations, sensitivity is based on the extent of the loss of corporate image.
Observe the following illustration: