Attaching monetary values to assets is an important pre task for calculating risks. For example, to get single loss expectancy, you must multiply asset value by exposure factor. AV x EF = SLE. Then you can utilize SLE to get annual loss expectancy by multiple it with annual rate of occurrence. SLE x ARO=ALE.
Asset value can be calculated using numerous matrix like the CIA matrix. Security professional needs to work with the system owner to properly assess the value. Asset may be just one IT asset or multiple and calculating it will be difficult without the system owner’s expertise.
To properly assess asset value, one must work with system owners to analyze how those systems are utilized and how the CIA of the systems are threatened. You must ask questions like are there workaround if assets are damaged and how critical is the asset to business operations.
Identification, valuation and categorization of these assets are critical to cybersecurity professional because it will ultimately help develop and deploy the required security control for the specified assets.
HansITAcademy 