Skip to content

Information Asset Protection

This Guideline specifies steps that an organization can take to develop and implement and effective risk-based information asset protection program.

To protect its information assets, organizations should establish a formal IAP program appropriate to its size and type. To be effective, the program should be tailored to the organization’s strategy, mission, and operating environment. Additional factors such as the organization’s scope, risk tolerance, decision making protocols, business practices, regulatory environment, public image, interrelationships, and culture play an important role in how the IAP program is designed and implemented.

Purchase the Softcover

ASIS members can enjoy a 50% discount off the list price. This Guideline is also available as an eBook.

Purchase the eBook

Take advantage of the Information Asset Protection's valuable content anytime, anywhere with the Information Asset Protection eBook.

Standards & Guidelines eBooks are free to ASIS Members.

About the Guideline

pubcover-2447-sa.jpgThis Guideline specifies steps that an organization can take to develop and implement an effective risk-based information asset protection program. It provides guidance on program development and maintenance, and outlines management, legal, and security strategies organizations can employ to safeguard their information assets. This Guideline is applicable to organizations of all sizes and types.

All organizations possess information assets which are necessary in achieving organizational strategic goals and objectives. An organization’s competitive edge often is the result of information derived from creativity and innovation. Consequently, the loss of information would negatively impact the organization’s investment in personnel, time, finances, product, and/or property.

Information assets, like physical assets, need to be identified and measured (regardless of form) in terms of financial value or relation to organizational strategy. For that reason, organizations should consider the financial and strategic impact of information loss or security breach as part of its risk management approach. Documenting assets is a basic step that organizations should consider to fully understand their unique information environment.

Related Content

ASIS-Store-800x800-Webinar.jpgConnected Corporate Security: How To Manage Threats and Risks with a Unified Security Model

Learn how security teams can serve as connectors across any organization and develop new, integrated solutions through technology, talent, partnerships, external networks, and the right kind of leadership and metrics.

View the Webinar

ASIS-Store-800x800-Webinar.jpgThe Convergence of OT/IT Cyber Security is Inevitable - Are you Ready?

Learn what operational technology security teams must do to stay current in their cyber physical security organizational practices.

View the Webinar

 

ASIS-Webinars-Generic.jpgSecuring Your Organization's Most Vulnerable Asset: Information

This collection of articles from the security profession’s premier publication takes a look at the variety of ways your organization’s information assets are at risk and what your security function should do about it.

Download the E-Book

arrow_upward