Information Asset Profiling

IAP is a documented and repeatable process for developing consistent asset profiles. They also explain how the development of an information asset inventory using the IAP process provides a strong basis for organizations to begin to identify and address their information security needs.  The IAP approach to develop an information asset inventory has several advantages and provides a strong basis for organizations to begin to identify and address their information security needs.

Information Asset Profiling outcomes include:

• Provides a clear understanding of your current information assets and their security risks
• Identifies vulnerabilities to your asset containers
• Raises internal awareness of information asset security risks and leads to more informed decision-making
• Provides a specific, actionable plan to improve overall security posture based on individual business needs
• Provides deep insight into information asset security issues before they are exploited
• Designed to comply with industry, federal and state regulations, and privacy principles
• Utilises co-combination of the industry-leading standards in information asset assessment Octave® , COBIT and ISO27002
• Provides a complete risk model @Risk, and the required qualitative and quantitative investments to mitigate risk

There are six major activities in the profile process:

The ultimate goal of the IAP process is to provide a common definition of an information asset for developing and applying a protection strategy and risk mitigation plan including:

• a common, consistent, and unambiguous understanding of information asset boundaries
• clearly designated asset owner or owners
•  a complete set of information security requirements for each asset
• descriptions of where the asset is stored, transported, and processed
• an opportunity to determine the asset’s value