Asset

From CIPedia
Jump to: navigation, search

Definitions

European Definitions

ENISA

Anything that has value to the organization, its business operations and their continuity, including Information resources that support the organization's mission. [1]

EU project

An asset is a CIP and CIP-related methodology, method, platform, test bed, infrastructure, research tool, technology, model, data source, report, and any other form of CIP- and modelling, simulation and analysis (MS&A) expertise. [2]


National Definitions

Australia

Asset: an item that has a value to an agency—including personnel, information and physical assets. [3]


Canada

A person, structure, facility, information, material or process that has value.

Personne, structure, installation, information, matériel ou processus ayant de la valeur. [4]

Czech Republic

Cokoliv, co má hodnotu pro jednotlivce, organizaci nebo veřejnou správu. [5]

Anything that has value to an individual, company or public administration. [6]


France

Bien: Toute ressource qui a de la valeur pour l’organisme et qui est nécessaire à la réalisation de ses objectifs. On distingue notamment les biens essentiels ( Information ou processus jugé comme important pour l’organisme. On appréciera ses besoins de sécurité mais pas ses vulnérabilités) et les biens supports (Bien sur lequel reposent des biens essentiels. On distingue notamment les systèmes informatiques, les organisations et les locaux. On appréciera ses vulnérabilités mais pas ses besoins de sécurité). [7]

Any resource that has value to the organisation and is necessary to achieve its objectives. In particular, we distinguish between primary assets (Data or process deemed important for the organisation. We can assess its sensitivity but not its vulnerabilities) and supporting assets (provides support for primary assets. We can assess its vulnerabilities but not its sensitivity). [8]


Kingdom of Saudi Arabia

Asset is a major application, general support system, high impact program, physical plant,mission critical system, personnel, equipment, or a logically related group of systems. [9]

United Arab Emirates

Asset: Any tangible or intangible value (people, property, information) to the organisation. [10]

United States

DHS
An assets is a person, structure, facility, information, material, or process that has value. [11]

NIST
A major application, general support system, high impact program, physical plant, mission critical system, personnel, equipment, or a logically related group of systems. [12]

US-CERT
Something of value to an organization; typically, people, information, technology, and facilities that the critical services relies on. [13]
One of the foundational principles of the CRR design is the idea that an organization deploys its assets (i.e., people, information, technology, and facilities) to support specific operational missions. Failure in any of these assets may result in a cascading impact on related business processes, services, and the organization’s mission.

Standard Definition

ISA-62443-*

Asset: physical or logical object having either a perceived or actual value to the IACS. [14]

ISO/IEC 27000:2012

Anything that has value to the organization. [15]

This definition has been removed in the revised version of the standard in 2014. [16]

IETF

A system resource that is (a) required to be protected by an information system's security policy, (b) intended to be protected by a countermeasure, or (c) required for a system's mission. [17]

See also

Notes

  1. ENISA Risk Glossary
  2. CIPRNet Deliverable D4.3
  3. Protective Security Policy Framework - Glossary Oct 2017
  4. Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)
  5. Výkladový slovník kybernetické bezpečnosti (2013)
  6. Cyber Security Explanatory Glossary (2013)
  7. Méthode de classification et mesures principales, ANSSI (2014)
  8. Classification Method and Key Measures, ANSSI (2014)
  9. Developing National Information Security Strategy for the Kingdom of Saudi Arabia NISS draft 7
  10. Abu Dhabi Safety and Security Planning Manual
  11. DHS Risk Lexicon 2010 Edition, September 2010
  12. NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013
  13. Cyber Resilience Review (CRR): Method Description and Self-Assessment User Guide (2016)
  14. ISA-62443 series
  15. ISO/IEC 27000:2012, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
  16. ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
  17. IETF RFC449 Internet Security Glossary 2