Professional Documents
Culture Documents
ASSET-BASED
RISK
ASSESSMENT
What is Asset-Based
Risk Assessment?
An asset-based risk assessment focuses
on identifying and evaluating the risks to
an organization's assets.
Assets include:
Laptops Firewall
Servers Database
Softwares Contracts
Low 1 1 1
Medium 2 2 2
High 3 3 3
Very High 4 4 4
3 Classify the Assets
Classify the assets based on the average of
CIA value. Classifying the assets will help to
determine the controls required to protect
that asset.
Asset
Classification
1 Low
2 Medium
Average Asset
Value 3 High
4 Very High
Likelihood
Low (1) 1 2 3
Medium (2) 2 4 6
Impact
High (3) 3 6 9
Very
(4) 4 8 12
High
Difficult Medium 2
Easy High 3
96 > 8
PROCEED WITH THE RISK TREATMENT
8 Risk Treatment
If the inherent risk is greater than the risk
appetite, choose one of the below risk
treatment options.
Risk Treatment
Avoid Mitigate
Transfer Accept
CHECKLISTS | WHITEPAPERS
TEMPLATES | VIDEOS
FOLLOW US ON