111:, it is important to weigh how much to spend protecting each asset against the cost of losing the asset. It is also important to take into account the chance of each loss occurring. Intangible costs must also be factored in. If a hacker makes a copy of all a company's credit card numbers it does not cost them anything directly but the loss in fines and reputation can be enormous.
42:
is any data, device, or other component of the environment that supports information-related activities. Assets generally include hardware (e.g. servers and switches), software (e.g. mission critical applications and support systems) and confidential information. Assets should be protected from
191:
218:
254:
125:
130:
43:
illicit access, use, disclosure, alteration, destruction, and/or theft, resulting in loss to the organization.
279:
195:
284:
216:"An Introduction to Factor Analysis of Information Risk (FAIR)", Risk Management Insight LLC, November 2006
274:
80:
215:
108:
120:
88:
84:
140:
87:. Information Security experts must assess the likely impact of an attack and employ appropriate
269:
20:
92:
52:
27:
8:
76:
68:
31:
235:
35:
222:
166:"ISO/IEC 27005:2022 - Information security, cybersecurity and privacy protection"
145:
72:
56:
239:
263:
64:
165:
60:
135:
96:
16:
Data, device, or other component of a computing environment
169:
79:a system in order to steal credit card numbers by
261:
228:
262:
158:
91:. In this case they might put up a
209:
126:Factor analysis of information risk
13:
14:
296:
248:
102:
46:
131:Information security management
184:
1:
151:
67:(CIA) of assets from various
7:
114:
99:their credit card numbers.
10:
301:
18:
121:Countermeasure (computer)
21:Asset (disambiguation)
280:Reliability analysis
53:information security
28:information security
19:For other uses, see
285:Security compliance
275:IT risk management
221:2014-11-18 at the
71:. For example, a
55:is to ensure the
32:computer security
292:
242:
232:
226:
213:
207:
206:
204:
203:
194:. Archived from
192:"ENISA Glossary"
188:
182:
181:
179:
177:
162:
107:When performing
36:network security
300:
299:
295:
294:
293:
291:
290:
289:
260:
259:
255:FISMApedia TERM
251:
246:
245:
233:
229:
223:Wayback Machine
214:
210:
201:
199:
190:
189:
185:
175:
173:
164:
163:
159:
154:
146:Risk management
117:
109:risk assessment
105:
89:countermeasures
57:confidentiality
49:
24:
17:
12:
11:
5:
298:
288:
287:
282:
277:
272:
258:
257:
250:
249:External links
247:
244:
243:
227:
208:
183:
172:. October 2022
156:
155:
153:
150:
149:
148:
143:
138:
133:
128:
123:
116:
113:
104:
101:
48:
45:
15:
9:
6:
4:
3:
2:
297:
286:
283:
281:
278:
276:
273:
271:
270:Data security
268:
267:
265:
256:
253:
252:
241:
237:
231:
224:
220:
217:
212:
198:on 2012-02-29
197:
193:
187:
171:
167:
161:
157:
147:
144:
142:
139:
137:
134:
132:
129:
127:
124:
122:
119:
118:
112:
110:
103:Risk analysis
100:
98:
94:
90:
86:
85:vulnerability
82:
78:
74:
70:
66:
62:
58:
54:
47:The CIA triad
44:
41:
37:
33:
29:
22:
230:
211:
200:. Retrieved
196:the original
186:
174:. Retrieved
160:
106:
65:availability
51:The goal of
50:
39:
25:
176:31 December
141:Risk factor
264:Categories
202:2010-11-21
152:References
81:exploiting
61:integrity
219:Archived
115:See also
93:firewall
136:IT risk
97:encrypt
69:threats
238:
77:attack
75:might
73:hacker
234:IETF
40:asset
38:, an
240:2828
178:2023
95:and
63:and
34:and
236:RFC
170:ISO
26:In
266::
168:.
83:a
59:,
30:,
225:;
205:.
180:.
23:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.