Skip to content

Information Asset Protection

This Guideline specifies steps that an organization can take to develop and implement and effective risk-based information asset protection program.

To protect its information assets, organizations should establish a formal IAP program appropriate to its size and type. To be effective, the program should be tailored to the organization’s strategy, mission, and operating environment. Additional factors such as the organization’s scope, risk tolerance, decision making protocols, business practices, regulatory environment, public image, interrelationships, and culture play an important role in how the IAP program is designed and implemented.

Purchase the Softcover

ASIS members can enjoy a 50% discount off the list price. This Guideline is also available as an eBook.

Purchase the eBook

Take advantage of the Information Asset Protection's valuable content anytime, anywhere with the Information Asset Protection eBook.

Standards & Guidelines eBooks are free to ASIS Members.

About the Guideline

pubcover-2447-sa.jpgThis Guideline specifies steps that an organization can take to develop and implement an effective risk-based information asset protection program. It provides guidance on program development and maintenance, and outlines management, legal, and security strategies organizations can employ to safeguard their information assets. This Guideline is applicable to organizations of all sizes and types.

All organizations possess information assets which are necessary in achieving organizational strategic goals and objectives. An organization’s competitive edge often is the result of information derived from creativity and innovation. Consequently, the loss of information would negatively impact the organization’s investment in personnel, time, finances, product, and/or property.

Information assets, like physical assets, need to be identified and measured (regardless of form) in terms of financial value or relation to organizational strategy. For that reason, organizations should consider the financial and strategic impact of information loss or security breach as part of its risk management approach. Documenting assets is a basic step that organizations should consider to fully understand their unique information environment.

Related Content

ASIS-Webinars-Generic.jpgSiemens and Samdesk: Using Data to Protect Your Brand, Assets and Most Importantly People

Information as we know it today, is more readily available than ever before. It can be obtained through multiple sources (OSINT) and consumed through various channels via the web. We are often flooded, overwhelmed even, by data. Understanding and dissecting this data is key for effective decision making when it comes to security operations and business continuity.

Register for the Webinar

ASIS-Webinars-Generic.jpgNation States, Organized Crime and Other Adversaries: What You Don't Know CAN Hurt You

This session discusses how our Enterprise Threat Intelligence Assessment (ETIA) can provide a baseline to critical knowledge to help identify your adversaries, their focus, motivation and capabilities. It brings actual case files and demonstrates how this critical knowledge can help faster, more effective business decisions, further reducing risk by predicting and preventing attacks and ultimately eliminating surprise.

Register for the Webinar

ASIS-Webinars-Generic.jpgSecuring Your Organization's Most Vulnerable Asset: Information

This collection of articles from the security profession’s premier publication takes a look at the variety of ways your organization’s information assets are at risk and what your security function should do about it.

Download the E-Book