Information Asset Profiling

IAP is a documented and repeatable process for developing consistent asset profiles. They also explain how the development of an information asset inventory using the IAP process provides a strong basis for organizations to begin to identify and address their information security needs.  The IAP approach to develop an information asset inventory has several advantages and provides a strong basis for organizations to begin to identify and address their information security needs.

Information Asset Profiling outcomes include:

  • Provides a clear understanding of your current information assets and their security risks
  • Identifies vulnerabilities to your asset containers
  • Raises internal awareness of information asset security risks and leads to more informed decision-making
  • Provides a specific, actionable plan to improve overall security posture based on individual business needs
  • Provides deep insight into information asset security issues before they are exploited
  • Designed to comply with industry, federal and state regulations, and privacy principles
  • Utilises co-combination of the industry-leading standards in information asset assessment Octave® , COBIT and ISO27002
  • Provides a complete risk model @Risk, and the required qualitative and quantitative investments to mitigate risk


There are six major activities in the profile process:

asset-profiling
The ultimate goal of the IAP process is to provide a common definition of an information asset for developing and applying a protection strategy and risk mitigation plan including:

  • a common, consistent, and unambiguous understanding of information asset boundaries
  • clearly designated asset owner or owners
  •  a complete set of information security requirements for each asset
  • descriptions of where the asset is stored, transported, and processed
  • an opportunity to determine the asset’s value