Most companies have a clearly defined Asset Classification Policy but are not aware where all the assets including information reside. We have the ability to locate all information assets in electronic format and to classify them against the company's Asset Classification Policy based on ownership.
- Know the location of all your information assets.
- Determines the requirement for stricter access controls.
- Determines whether further technological controls are required.
- Determines the requirement for an Information Management System.
Asset Classification and especially Information Asset Classification is one of the most important requirements for any company as it allows the company to understand the value of its information assets and to allocate resources to protect them. IT Matrix's Asset Classification goes beyond what are generally accepted principles for Confidentiality, Integrity and Availability to show the worth or value of the asset to business.
- Identifies Intellectual Property.
- Understands the value of the asset.
- Understands the potential costs associated with the protection of the information asset.
- Base the requirement for controls on the business value of the information asset.
- Understanding the business impact from loss of Confidentiality, Integrity and Availability of the Information Asset.
Once all assets have been identified and classified, they need to be managed through application of relevant controls as per their value to the organization. This is done by using a combination of procedural and technical controls including software specifically designed to manage the value status of an asset. While the management of assets is not a Business Process Management (BPM) exercise, the management of Information Assets is usually the initiator of a BPM exercise.
- Business is aware at all times of the classification of their assets
- Business may at anytime change the classification of their asset and thus mandate either a stricter or lesser control of the asset
- Proves that the cost of Information Security controls is commensurate to the value of the asset
- Proves compliance to applicable laws and regulations
- Determines the requirement for stricter access controls