METHOD OF IDENTIFICATION AND INFORMATION ASSETS IMPORTANCE ASSESSMENT
DOI:
https://doi.org/10.31891/2307-5732-2024-341-5-75
Keywords:
threat model, information security, risk management, information assets, importance assessment
Abstract
Determining the value of information assets across the entire organization is both the most significant and the most difficult task. It is the assessment of information assets that allows the head of the IS department to choose the main areas of activity for ensuring information security. The first step in this procedure is to obtain information about the organization's assets that are used in its daily activities. The value of an asset is expressed by the amount of losses that the organization suffers in the event of a security breach of that asset.
A threat has the potential to harm assets such as information, processes and systems, and therefore the organization itself. Threats can be of various origins (natural, man-made or anthropogenic) and can be intentional or accidental. All sources of threats to assets must be taken into account during identification. The purpose of the process of identification and assessment of the importance of information assets is to obtain importance values for the selected assets of the organization. The result of this process is important both for risk assessment and for understanding the need for IS measures.
This article analyzes international and domestic standards and practices in the field of identification and assessment of the importance of an organization's information assets, and considers approaches and methods of identifying and assessing the importance of those assets in the assessment of information security risks. Based on the results of this analysis, a method of identification and assessment of the importance of the organization's information assets was developed.
As a result of the work, a more advanced approach to risk management and, accordingly, to information security was implemented.