Assets an Organization Owns and Manages. It

¶ … assets an organization owns and manages. It will also look at the process and effectiveness of creating organizations' inventory with the main aim of having an effective daily system management and to for security of the organizations' assets. It is imperative that an organization has the records of all of it assets.

One of the most fundamental steps in IT management and IT security understands what physical and virtual IT assets an organization owns and manages. A good inventory provides information that is useful to daily system management, business office asset tracking, and security incident response.

Mark, (2000) 'An information Asset is a definable piece of information, stored in a manner which is recognized as 'valuable' to the organization.' For the case of the IT organization, the Information asset that exist include assets that hold a lot of value to the organization and cannot be easily replaced, without cost, skill, time, resources, or a combination. In that case I would to mention the following as the information assets in the organization; customer service information platform, product information platform, service information platform, product information templates and data base, service information templates, automated data analysis, tracking information, custom information dashboard, process database, project status information dash board, data capture meetings, cross-department information compilation, cross- department information exchange mechanisms, etc.

A threat is any circumstances or event with the potential to cause harm to an organization through the disclosure, modification or destruction of information, or by the denial of critical services. Threats can be non-malicious, through human error, hardware/software failures or natural disasters. 'Malicious threats on the other hand, fall in the category from being rational (obtaining something of value at no cost) to irrational (destroying crucial information or destroying some one's reputation). A threat does not necessarily cause harm.' (Mark, 2000)

For people, the threat involved may include authorized viewing of sensitive information by intruders or people who have the legitimacy coming across a variety of mechanism, misrouted electronic mail, printer output, mis-configured access control lists etc. People could pose security threat to the organizations' assets if use information assets for other functions other than the authorized purposes.

'The results of such acts are denial of service, increased cost, or damage to reputations. As for both software and hardware, the threat may component failure, which is failure due to design flaws, or hardware/software faults can lead to denial of service or security, compromises through the malfunction of a system component. False rejections of firewall by authorization server are an example of failures that affect security.' (Mark, 2000)

For database, the threats occur when unauthorized deletion, modification, or disclosure of information assets that results in the loss of organizations' integrity or confidentiality of business functions and information. In addition, processes could face threat if they are penetrated by unauthorized people or systems that may result in denial of service or significant incidences in handling costs.

The IT faces a lot of risks and when coming up with a security plan, it's crucial to take an inventory of your assets and ensure that each is protected according to its net worth. While this may sound simple, it's actually a complex process that should involve managers from thought the organization. A risk occurs when a threat takes advantage of a vulnerability to cause harm to a system.

The values of the listed items was determined by the likely cost it could cost the organization if was not protected and faced with security. It is also determined by the level of treat the asset will bring to the organization if it was destroyed or stolen. 'The listing also considered the sensitivity of the asset to the organization and potential security incidence.' (Wireman, 2007) The values of the assets was also arrived at as a result of examining the legal and regulatory issues likely to arise from its damage or loss or theft, the higher the value means then the organization has minimize it security occurrences.