Information assets are the resources that companies use to expedite their management, both hardware and software that respond to an Information Security Management System (ISMS) so that companies function properly and achieve the objectives that have been achieved. proposed.

The assets are associated, directly or indirectly, with all departments of the company.

A security project aims to control the security of the information assets that generate the domain in the study of projects. The limit of the set of assets of the domain does not preclude the consideration of the security relations of said information assets with the environment.

One of the first steps that the company must follow to adapt to ISO 27001 is to carry out an inventory of information assets. They will have the information assets that represent some value for the company and that are within the scope of the ISMS.

You must start by classifying them in some way to make management more agile. There are many ways to do it as explained in our article Classification of IT assets and the reasons for sanitizing the data where each type of asset is shown and this classification can be implemented by companies of different nature.

It is necessary to update the processes of the classification of assets as part of the continuous improvement of the companies since the information assets are very changing in the course of operation of the company. This means that every day, week, months, even years, assets change in each department of the company.

The review of the Information Security Management System should be included when making our inventory.

According to ISO 27001 we must classify our assets as follows.

Pure information assets

Digital data

• Personal
• Financial
• Legal
• Investigation and development
• Strategic
• Commercial
• Email
• Answering machines
• Databases
• Logical drives
• Backups

Tangible assets

• Personal
• Financial
• Legal
• Investigation and development
• Strategic and commercial
• Email
• Backups
• Office keys
• Other storage media

Intangible assets

• Knowledge
• Relations
• Trade secrets
• Licenses
• Patents
• Experience
• Technical knowledge
• Corporate image
• Brand
• Commercial reputation
• Customer trust
• Competitive advantage
• Ethics
• Productivity

Application software

• Owner development by the organization
• Client
• Enterprise Resource Planning
• Information management
• Utilities
• Database tools
• Ecommerce applications
• Middleware

Operating systems

• Servers
• Desktop computers
• Contra computers
• Network devices
• Handheld and embedded devices

Physical assets

IT Infrastructure

• Buildings
• Data centers
• Equipment and server rooms
• Network cabinets
• Offices
• Desks
• Drawers
• Cabinets
• Physical media storage rooms
• Security boxes
• Identification devices
• Authentication
• Personnel access control
• Other security devices
• IT environment controls
• Alarm equipment
• Fire suppression
• Uninterruptible Power Systems
• Power supply
• Conditioners
• Filters
• Power suppressors
• Dehumidifiers
• Refrigerators
• Air alarms
• Water alarms

IT hardware

• Storage devices
• Desktop computers
• Work stations
• Laptops
• Handheld equipment
• Servers
• Modems
• Network termination lines
• Communications devices
• Multifunction equipment

IT service assets

• User Authentication Services
• Process administration
• Links
• Firewall
• Proxy servers
• Network services
• Wireless services
• Anti spam
• Virus
• Spyware
• Intrusion Detection and Prevention
• Teleworking
• Security
• Email
• Instant messaging
• Web services
• Support contracts
• Software maintenance

Human assets

Employees

• Staff and managers
• Participate those who have management roles as senior positions
• Software Architects and Developers
• System administrators
• Security administrators
• Operators
• Lawyers
• Auditors
• Users with power
• Experts in general

External

• Temporary workers
• External consultants
• Specialist Advisors
• Specialized contractors
• Suppliers
• Partners

The ISO 27001 standard aims to protect the information assets of any company. Every company has important information that it wants to protect against any situation that involves a risk or threat. This information that is essential for the company is what is called an information asset.