Difference between revisions of "Asset"

From CIPedia
Jump to navigation Jump to search
m (Text replace - "USA" to "United States")
(Notes)
(38 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
==Definitions==
 
==Definitions==
 
=== European Definitions ===
 
=== European Definitions ===
{{definition|?}}
+
====[[ENISA]]====
 +
{{definition|Anything that has value to the organization, its business operations and their continuity, including Information resources that support the organization's mission.  <ref name="ENISAGlos">[http://www.enisa.europa.eu/activities/risk-management/current-risk/risk-management-inventory/glossary ENISA Risk Glossary]</ref>}}<br />
 +
====[[EU project]]====
 +
{{definition|An asset is a [[Critical Infrastructure Protection|CIP]] and CIP-related methodology, method, platform, test bed, infrastructure, research tool, technology, model, data source, report, and any other form of CIP- and modelling, simulation and analysis (MS&A) expertise.  <ref>CIPRNet Deliverable D4.3</ref>}}<br />
  
 +
<!--
 
=== Other International Definitions ===
 
=== Other International Definitions ===
{{definition|Anything that has value to the organization, its business operations and their continuity, including Information resources that support the organization's mission.  <ref name="ENISAGlos"> [http://www.enisa.europa.eu/activities/risk-management/current-risk/risk-management-inventory/glossary ENISA Risk Glossary]</ref>}}
+
 
 +
 
 +
-->
 +
 
 
=== National Definitions ===
 
=== National Definitions ===
<!--Test test test.-->
+
====[[Australia]] ====
==== United States====
+
{{definition|Asset: an item that has a value to an agency—including personnel, information and physical assets.    <ref>[https://www.protectivesecurity.gov.au/resources/Pages/PSPF-Glossary-of-terms.aspx  Protective Security Policy Framework - Glossary Oct 2017]</ref>}}<br/><br/>
{{definition|Person, structure, facility, information, material, or process that has value. <ref name="DHSLex"> [http://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf DHS Risk Lexicon 2010 Edition, September 2010]</ref>}}
+
 
 +
==== [[Canada]] ====
 +
{{definition|A person, structure, facility, information, material or process that has value.<br/><br/>Personne, structure, installation, information, matériel ou processus ayant de la valeur. <ref name="canada">[http://publications.gc.ca/collections/collection_2012/tpsgc-pwgsc/S52-2-281-2012.pdf Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)]</ref>}}<br />
 +
 
 +
====[[Czech Republic]]====
 +
{{definition|Cokoliv, co má hodnotu pro jednotlivce, organizaci nebo veřejnou správu. <ref>[http://www.govcert.cz/download/nodeid-561  Výkladový slovník kybernetické bezpečnosti (2013)]</ref><br/><br/>Anything that has value to an individual, company or public administration. <ref> [http://www.govcert.cz/download/nodeid-3555/ Cyber Security Explanatory Glossary (2013)]</ref>}}
 +
<br />
 +
==== [[France]] ====
 +
{{definition|Bien: Toute ressource qui a de la valeur pour l’organisme et qui est nécessaire à la réalisation de ses objectifs. On distingue notamment les biens essentiels ( Information ou processus jugé comme important pour l’organisme. On appréciera ses besoins de sécurité mais pas ses vulnérabilités) et les biens supports (Bien sur lequel reposent des biens essentiels. On distingue notamment les systèmes informatiques, les organisations et les locaux. On appréciera ses vulnérabilités mais pas ses besoins de sécurité).  <ref>[https://www.ssi.gouv.fr/uploads/2014/01/securite_industrielle_GT_methode_classification-principales_mesures.pdf Méthode de classification et mesures principales, ANSSI (2014)]</ref><br/><br/>Any resource that has value to the organisation and is necessary to achieve its objectives. In particular, we distinguish between primary assets (Data or process deemed important for the organisation. We can assess its sensitivity but not its vulnerabilities) and supporting assets (provides support for primary assets. We can assess its vulnerabilities but not its sensitivity). <ref>[https://www.ssi.gouv.fr/uploads/2014/01/industrial_security_WG_Classification_Method.pdf Classification Method and Key Measures, ANSSI (2014)]</ref>}}<br/><br/>
 +
 
 +
====[[Kingdom of Saudi Arabia]]====
 +
{{definition|Asset is a major application, general support system, high impact program, physical plant,mission critical system, personnel, equipment, or a logically related group of systems. <ref> [http://www.mcit.gov.sa/Ar/MediaCenter/PubReqDocuments/NISS_Draft_7_EN.pdf Developing National Information Security Strategy for the Kingdom of Saudi Arabia NISS draft 7]</ref>}}<br />
 +
==== [[United Arab Emirates]] ====
 +
{{definition|Asset: Any tangible or intangible value (people, property, information) to the organisation. <ref>[http://www.upc.gov.ae/sspm/common/docs/SSPM-UPC-Eng.pdf Abu Dhabi Safety and Security Planning Manual]</ref>}}<br/>
 +
 
 +
==== [[United States]]====
 +
=====[[DHS]]=====
 +
{{definition|An assets is a person, structure, facility, information, material, or process that has value. <ref name="DHSLex">[http://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf DHS Risk Lexicon 2010 Edition, September 2010]</ref>}}<br />
 +
 
 +
=====[[NIST]]=====
 +
{{definition|A major application, general support system, high impact program, physical plant, mission critical system, personnel, equipment, or a logically related group of systems. <ref name="NISTIR7298">[http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013]</ref>}}<br />
 +
=====[[US-CERT]]=====
 +
{{definition|Something of value to an organization; typically, people, information, technology, and facilities that the critical services relies on.  <ref name="USCERT">[https://www.us-cert.gov/sites/default/files/c3vp/csc-crr-method-description-and-user-guide.pdf Cyber Resilience Review (CRR): Method Description and Self-Assessment User Guide (2016)]</ref>}} One of the foundational principles of the CRR design is the idea that an organization deploys its assets (i.e., people, information, technology, and facilities) to support specific operational missions. Failure in any of these assets may result in a cascading impact on related business processes, services, and the organization’s mission. <br />
  
 
===Standard Definition===
 
===Standard Definition===
==== ISO/IEC 27000:2012 ====
+
==== [[ISA|ISA-62443-*]] ====
{{definition| Anything that has value to the organization <ref name="ISO27000-12"> [http://www.iso.org/iso/catalogue_detail?csnumber=56891 ISO/IEC 27000:2012, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>. }}
+
{{definition|Asset: physical or logical object having either a perceived or actual value to the [[Industrial Automation Control System|IACS]]. <ref name='ISA999'>ISA-62443 series</ref>}}<br/>
<big>This definition has been removed in the revised version of the standard in 2014<ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>.</big>
+
 
 +
==== [[ISO|ISO/IEC 27000:2012]] ====
 +
{{definition| Anything that has value to the organization. <ref name="ISO27000-12">[http://www.iso.org/iso/catalogue_detail?csnumber=56891 ISO/IEC 27000:2012, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>}}
 +
<big>This definition has been removed in the revised version of the standard in 2014. <ref name="ISO27000-14">[http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref></big><br/>
 +
 
 +
==== [[ISO|ISO 55000:2014]] ====
 +
{{definition|Asset: Item, thing or entity that has potential or actual value to an organization. <ref>[https://www.iso.org/standard/55088.html ISO 55000:2014 Asset management -- Overview, principles and terminology]</ref>}}<br/>
 +
 
 +
====[[IETF]]====
 +
{{definition|A system resource that is (a) required to be protected by an information system's security policy, (b) intended to be protected by a countermeasure, or (c) required for a system's mission. <ref name="IETFrefs">[https://tools.ietf.org/html/rfc4949 IETF RFC449 Internet Security Glossary 2]</ref>}}<br />
 +
 
 +
=== [[Dictionary]]===
 +
{{definition|Asset Informatie of digitale systemen die van waarde zijn voor een organisatie. <ref>[https://www.cybersecurityalliantie.nl/ecp_images/2021/12/Cybersecurity-Woordenboek-2021_ZonderSpreads.pdf Cybersecurity Woordenboek 2021]</ref>}} Voorbeelden zijn: intellectueel eigendom, een klantendatabase, personeelsinformatie, etc. <br/><br/>
 +
{{#set:defined by=Dictionary}}
  
 
==See also==
 
==See also==
 
  
 
==Notes==
 
==Notes==
 +
==References==
 
<references />
 
<references />
 
<!--
 
==References==
 
* Test reference. -->
 
 
 
[[Category:Risk]]
 
[[Category:Risk]]
 +
{{#set:defined by=ENISA|defined by=Australia|defined by=Canada|defined by=Czech Republic|defined by=France|defined by=Kingdom of Saudi Arabia|defined by=United Arab Emiratesdefined by=United States|defined by=IETF|defined by=ISO|defined by=NIST|defined by=EU project|defined by=US-CERT|defined by=ISA}}
 +
{{#set: Showmainpage=Yes}}

Revision as of 11:54, 15 August 2022

Definitions

European Definitions

ENISA

Anything that has value to the organization, its business operations and their continuity, including Information resources that support the organization's mission. [1]


EU project

An asset is a CIP and CIP-related methodology, method, platform, test bed, infrastructure, research tool, technology, model, data source, report, and any other form of CIP- and modelling, simulation and analysis (MS&A) expertise. [2]



National Definitions

Australia

Asset: an item that has a value to an agency—including personnel, information and physical assets. [3]



Canada

A person, structure, facility, information, material or process that has value.

Personne, structure, installation, information, matériel ou processus ayant de la valeur. [4]


Czech Republic

Cokoliv, co má hodnotu pro jednotlivce, organizaci nebo veřejnou správu. [5]

Anything that has value to an individual, company or public administration. [6]


France

Bien: Toute ressource qui a de la valeur pour l’organisme et qui est nécessaire à la réalisation de ses objectifs. On distingue notamment les biens essentiels ( Information ou processus jugé comme important pour l’organisme. On appréciera ses besoins de sécurité mais pas ses vulnérabilités) et les biens supports (Bien sur lequel reposent des biens essentiels. On distingue notamment les systèmes informatiques, les organisations et les locaux. On appréciera ses vulnérabilités mais pas ses besoins de sécurité). [7]

Any resource that has value to the organisation and is necessary to achieve its objectives. In particular, we distinguish between primary assets (Data or process deemed important for the organisation. We can assess its sensitivity but not its vulnerabilities) and supporting assets (provides support for primary assets. We can assess its vulnerabilities but not its sensitivity). [8]



Kingdom of Saudi Arabia

Asset is a major application, general support system, high impact program, physical plant,mission critical system, personnel, equipment, or a logically related group of systems. [9]


United Arab Emirates

Asset: Any tangible or intangible value (people, property, information) to the organisation. [10]


United States

DHS
An assets is a person, structure, facility, information, material, or process that has value. [11]


NIST
A major application, general support system, high impact program, physical plant, mission critical system, personnel, equipment, or a logically related group of systems. [12]


US-CERT
Something of value to an organization; typically, people, information, technology, and facilities that the critical services relies on. [13]

One of the foundational principles of the CRR design is the idea that an organization deploys its assets (i.e., people, information, technology, and facilities) to support specific operational missions. Failure in any of these assets may result in a cascading impact on related business processes, services, and the organization’s mission.

Standard Definition

ISA-62443-*

Asset: physical or logical object having either a perceived or actual value to the IACS. [14]


ISO/IEC 27000:2012

Anything that has value to the organization. [15]

This definition has been removed in the revised version of the standard in 2014. [16]

ISO 55000:2014

Asset: Item, thing or entity that has potential or actual value to an organization. [17]


IETF

A system resource that is (a) required to be protected by an information system's security policy, (b) intended to be protected by a countermeasure, or (c) required for a system's mission. [18]


Dictionary

Asset Informatie of digitale systemen die van waarde zijn voor een organisatie. [19]

Voorbeelden zijn: intellectueel eigendom, een klantendatabase, personeelsinformatie, etc.


See also

Notes

References