those assets to the organization. In the end, we must not spend
            more money to protect an asset than that asset is worth. This
            requires risk response to be based on the implementation of
            cost-effective controls.




            Asset Valuation
            The value of an asset is dependent on several factors -
            quantitative and qualitative values, and the criticality and/or
            sensitivity of the asset to the organization.


            Determining Asset Value


            What is an asset or entity worth? This is often quite a
            complicated calculation. The value of an asset is related to the
            cost of purchasing an asset, the importance of the asset to the
            business, and any regulatory issues. Price is often based on the
            value of the initial impact - but also on the ripple effect as the
            initial impact spreads to other systems, other departments, or
            increases over time. (the rise in incidence over time is part of a
            related discipline to be examined later known as Business
            Impact Analysis (BIA)).

            Other factors affecting the calculation of the value of an asset
            include financial penalties for non-compliance with legislation,
            penalties for failure to meet service level agreements, the value
            of the asset (data or knowledge) to a competitor, the cost of
            reconstruction of the data or system, and impact on customer
            confidence, reputation or employee morale.