Define Information Assets
This follows on from the
VPDSF Setup guide, however this step may be revisited multiple times.
An Information Asset refers to any piece of information or data within an organisation, regardless of its value. This includes records, documents, emails, reports, and other forms of data that are used or retained by the organisation. Information Assets are distinct from System Assets, such as databases, which are considered the infrastructure that holds or processes Information Assets.
The classification of Information Assets is based on the potential consequences of a compromise, assessing the impact on confidentiality, integrity, and availability, in accordance with guidelines such as those outlined in NIST
FIPS 199 and
FIPS 200.
The value and criticality of System Assets are derived entirely from the Information Assets those System Assets are responsible for protecting.
Options
There are 3 primary options for defining the Information Assets:
- Option 1: Manual Information Asset Entry
- Option 2: Cybersecurity Office Excel
- Option 3: Assistant Recommendations
Related Articles
Define Information Assets: Option 1: Manual Entry
This is one of the options available for Defining the Information Assets. Manual Information Asset Entry Defining the Information Assets manually requires an interactive, Information Assets by Information Assets data entry process. Click the 'Create' ...
Define Information Assets: Option 3: Assistant Recommendations
This is one of the options available for Defining the Information Assets. Assistant Recommendations If you don't have an existing record of Information Assets in your organisation, or you need some inspiration for new ones, the AI Assistant can come ...
Define System Assets
This follows on from the VPDSF Setup guide, however this step may be revisited multiple times. Step 1.4 Define System Assets A System Asset refers to any component, whether hardware, software, network, or information system, that is essential to the ...
Define Information Assets: Option 2: Cybersecurity Office Excel
This is a one of the options for Defining the Consequences. Cybersecurity Office Excel The Risk & Information Asset Classification Framework can currently only be customised via Excel. If the Options section is not open, click on it to expand the ...
Define Information Assets: Option 2: Cybersecurity Office Excel
This is one of the options available for Defining the System Assets. Cybersecurity Office Excel The primary means by which Information Assets are typically imported into Cybersecurity Office is in bulk via an Excel spreadsheet. Victorian Public ...