How to classify assets in a risk assessment

One of the more difficult tasks in any fraud, revenue assurance, security or compliance risk assessment is classifying assets and tagging them with a financial value.  Here are a few tips on asset classification and valuation.

There are 5 fundamental types of assets:

  1. physical assets (like a building or a data center),
  2. digital assets (like unstructured text in a MS Word file),
  3. chemistry assets (An asset that is well defined by a unique formula. not necessarily a drug)
  4. software assets (source code or an algorithm).
  5. operational assets (customers, suppliers)

Then there are 5 fundamental  attributes of assets, where each attribute has particular values:

  1. Location – a physical asset such as building has a unique, invariant location. a digital asset such as a Strategic plan in Powerpoint format does not.
  2. Boundaries – a physical asset such as building has unique, invariant boundaries, digital and software assets do not have measurable boundaries whereas a chemical asset has a fairly well defined boundary in terms of the description of the formulas involved although not in terms of the manufacturing recipe.
  3. Measurable – what is the ability to measure damage to the asset by an attacker. Can the replacement value be calculated and is there an alternative cost. Physical assets are eminently measurable due to their physical location and boundaries.  The other 3 asset types – chemical, digital and software vary as to measurability.  If a chemical formula is leaked by a trusted insider – it may not make any difference at all if the patent is publicly available and if software is leaked then it may not matter if it was free open source – on the other hand – proprietary closed source software, if stolen can result in damage equivalent to how many man hours were invested.
  4. Clonable – A physical asset cannot be cloned.  Digital and software can and chemical assets are probably not easily cloned since they may have unique formulas.
  5. Replaceable – An old historical building in a unique location cannot be replaced but most all the other assets can be replaced by substitutes with equivalent functionality, attributes and value to the organization.

Leave a Reply

Post Comment