Assets are everything that is of value to a company. This can include hardware, software, processes, people, knowledge, and so on. An asset repository consists of
-
information assets (primary assets), which include all business assets, processes and information that need protection (e.g. financial data, sales data, HR data, etc.) and
-
information carriers (supporting assets) on which the primary assets are processed (e.g. notebooks, office buildings).
An asset repository is required to perform an analysis of protection needs, as defined e.g. according to ISO standard 27001. Based on the asset repository, potential threats can be identified, the potential loss valued, the risk assessed and measures defined. For example, the criticality of an asset and the potential risks associated with it have an influence on whether logging in with a password is sufficient or whether 2-factor authentication is recommended.