Attributes and the security metrics for your information assets

Attributes of an asset

Each asset or group of assets has different types of valuation indicators. These give a guide for weighing the impact and the threat that arise when the assets fall outside the protection of the company.

The attributes that give value to assets are:

Quantitative Value: the exchange value that can be applied to certain types of assets, together with their usefulness.

Qualitative Value: supports the classification of types of assets by their nature.

The assets are valued specifically according to their state and the security of the information they hold, in order to reach the ACID level: Authentication, Confidentiality, Integrity and Availability (the D stands for "disponibility").

Security Asset Metric

The people responsible for protecting the assets have to identify, define and value all the assets. Intrinsic valuation metrics are based on:

  • Assets that have been inventoried: partly those related to the environment and partly those related to the information systems.
  • Other assets that may or may not be inventoried: these are usually existing applications that cover obtaining information.
  • Other assets that cannot be inventoried because of their type, but that still have use value for the company. That value is usually appreciated qualitatively, through the asset's absence.

It is not advisable to mix the valuations of inventoried assets with those of assets that are not inventoried, since the valuation of the procedures would then require a double effort.

Applying metrics to assess the security state of the asset under consideration makes it possible to estimate the ACID values mentioned above.

The metrics that we must take into account to comply with ISO 27001 can be classified into these 4 substates (ACID):


Substate A (authentication): the characteristic of providing and recognizing the authenticity of information assets and of identifying the actors, or the necessary authorization given by the people who have power over the asset.

  • Low: it is not required to know the information assets.
  • Normal: it is necessary to know the issuer of the asset.
  • High: it is necessary to avoid repudiation at destination.
  • Critical: it is necessary to determine the authorship and non-modification of content.

Substate C (confidentiality): the characteristic of preventing the unauthorized disclosure of personal information assets.

  • Free: there are no restrictions on its dissemination.
  • Restricted: normal restrictions apply.
  • Protected: high restrictions apply.
  • Confidential: it must not be disclosed under any circumstances.

Substate I (integrity): the characteristic of protecting against the unauthorized modification or destruction of company assets. It is linked to the reliability of ISO 27001 Information Security Systems and refers to information-type assets.

  • Low: it can be replaced quite easily.
  • Normal: it can be replaced with an asset of similar quality with reasonable inconvenience.
  • High: the necessary asset quality is easily rebuildable.
  • Critical: a similar quality cannot be obtained again.

Substate D (availability, "disponibility"): protects against the unauthorized denial of access to company assets and is associated with the technical reliability of the components of the Information System.

The scale of levels expresses the maximum time for which the asset can be unavailable:

  • Less than an hour.
  • Up to one business day.
  • Up to one week.
  • More than a week.

Andrea Leal