IT Examiner School

Identifying Assets

Data, systems, software & hardware

Channels through which information is exchanged and/or moved

Outsourcing arrangements

Identifying Asset Sensitivity

Once the assets are identified, their criticality & sensitivity must be valued

It is critical to differentiate the importance of assets so that institutions can assign priorities & appropriate controls

It is the firm’s responsibility to provide definitions for the classifications they use in their risk assessment

Management should be able to define all terms used in the risk assessment