Information Asset Valuation
Asset valuation provides a cost representation of what the organization stands to lose in the event of a major compromise. From the risk management perspective, assets are generally valued based on the business value and not only on simple acquisition or replacement costs. Business value is measured in terms of revenue loss or other potential impacts when an asset is compromised.
For example, suppose software is acquired at a cost of $1,000 and it generates revenue of $5,000 per day. In this case, the business value will be $5,000 per day and not merely the cost of acquisition ($1,000).
Determining the Criticality of Assets
The best method to determine the criticality of assets is a business impact analysis (BIA). A BIA determines the critical business assets by analyzing the impact of the unavailability of assets on business objectives. In case of a disaster, identified critical assets are recovered and restored as a priority to minimize the damage...
