Email: info@fc-llc.org
by RW-Freedom Posted on February 11, 2020
A combination of security technology, practices, and processes ensures the safety of assets. However, before a security plan can be developed, an organization must determine what assets they are trying to protect. Learning what is worth protecting and what is not worth protecting is the very first step an organization will need to take. All assets fall into one of three categories.
The first category is people. Protecting lives is often the most important function of any security program. The other types of assets can be replaced, but human life cannot. An organization has a duty to protect not only its employees but also its customers. A proper security program will be constructed to protect both. There are some circumstances where specific people or groups might have a higher threat level. In these cases, your company may require additional protection for these groups. For example, an executive of a national retail chain may be a target for kidnap/ransom, but a customer of the same chain will likely not be under any risk. Security professionals can determine what kind of threats are faced by different people and customize a security program to mitigate those risks, threats, and vulnerabilities.
The second category is physical, non-human assets. In this category, we place all the “stuff” the organization has. Trying to list out every potential asset in this category is impossible. The following example will help illustrate how to determine what is and isn’t a physical asset. Take a hypothetical delivery company that relies on its vans to deliver goods to its customers. The company owns multiple vehicles and physical office space. The company would not be able to operate if either the vehicles or the products are compromised; they are assets. The company can still function if a trashcan or printer paper from the office goes missing, meaning they are not assets that require protection. This hypothetical organization now knows to take steps to protect the vans and the products, while putting less emphasis on other company property. Importance to operations is a critical factor in determining what a company asset is.
Individuals or families may have physical assets, as well. Family heirlooms, one-of-a-kind belongings, sentimental items, or expensive electronics are all physical assets worth protecting. Just like the hypothetical company above, a family or individual can have possessions that do not reach the level of an asset that needs protection. Making that determination is the first step in protecting your personal belongings.
The final type of asset is information. Information can be valuable intellectual property (IP) or proprietary processes. This type of asset is often intangible but can be incredibly valuable. There may also be some overlap with physical assets; digital information stored on a company computer represents both a physical and informational asset. Malicious international Nation-state and corporate threat actors have entire operations aimed at compromising the valuable IP and compromising other information of organizations and individuals. Many organizations offer unique services or have a unique manufacturing process. If these types of proprietary services are compromised, the organization may not be able to operate. Information assets are often just as important as physical assets. As with the other types of assets, identifying information-based assets is the first step in mitigating threats against them.
Determining what assets to protect is often a difficult task. Freedom Consulting LLC security professionals will help identify all of an organization’s assets, including ones that aren’t readily apparent. Our professionals can work with your organization to determine how to protect each asset efficiently. For more info or to schedule a consultation, please visit this link or email us at info@freedomconsultingservices.org.
© 2024 Freedom Consulting LLC. All rights reserved