{{short description|Data, device, or other component of a computing environment}} {{other uses|Asset (disambiguation)}}

In information security, computer security and network security, an '''asset''' is any data, device, or other component of the environment that supports information-related activities. Assets generally include hardware (e.g. servers and switches), software (e.g. mission critical applications and support systems) and confidential information.<ref name=ISC_1>{{cite web| title=ISO/IEC 27005:2022 - Information security, cybersecurity and privacy protection| url=https://www.iso.org/standard/80585.html| publisher=ISO| date=October 2022| access-date=31 December 2023}}</ref><ref>{{Cite web |url=http://www.enisa.europa.eu/act/rm/cr/risk-management-inventory/glossary#G3 |title=ENISA Glossary |access-date=2010-11-21 |archive-url=https://web.archive.org/web/20120229151151/http://www.enisa.europa.eu/act/rm/cr/risk-management-inventory/glossary/#G3 |archive-date=2012-02-29 |url-status=dead }}</ref> Assets should be protected from illicit access, use, disclosure, alteration, destruction, and/or theft, resulting in loss to the organization.<ref name=FAIR>[http://www.riskmanagementinsight.com/media/docs/FAIR_introduction.pdf "An Introduction to Factor Analysis of Information Risk (FAIR)", Risk Management Insight LLC, November 2006] {{webarchive|url=https://web.archive.org/web/20141118061526/http://www.riskmanagementinsight.com/media/docs/FAIR_introduction.pdf |date=2014-11-18 }};</ref>

==The CIA triad==

The goal of information security is to ensure the confidentiality, integrity and availability (CIA) of assets from various threats. For example, a hacker might attack a system in order to steal credit card numbers by exploiting a vulnerability. Information Security experts must assess the likely impact of an attack and employ appropriate countermeasures.<ref name=RFC2828>IETF {{IETF RFC|2828}}</ref> In this case they might put up a firewall and encrypt their credit card numbers.

==Risk analysis==

When performing risk assessment, it is important to weigh how much to spend protecting each asset against the cost of losing the asset. It is also important to take into account the chance of each loss occurring. Intangible costs must also be factored in. If a hacker makes a copy of all a company's credit card numbers it does not cost them anything directly but the loss in fines and reputation can be enormous.

==See also==

* Countermeasure (computer) * Factor analysis of information risk * Information security management * IT risk * Risk factor * Risk management

==References==

{{Reflist}}

==External links==

* {{usurped|1=[https://web.archive.org/web/20110726055502/http://fismapedia.org/index.php?title=Term%3AAsset FISMApedia TERM]}}

{{DEFAULTSORT:Asset (Computing)}} Category:Data security Category:IT risk management Category:Reliability analysis Category:Security compliance