1
00:00:00,240 --> 00:00:07,680
All set to start with the first lecture in which we are going to define information and asset.

2
00:00:08,310 --> 00:00:10,920
Well, what is information and what is asset?

3
00:00:11,800 --> 00:00:19,020
According to ISO 9000, that is, quality management system, information is a meaningful data.

4
00:00:19,200 --> 00:00:24,960
Something that has a meaning or a fact provided is nothing but information.

5
00:00:25,170 --> 00:00:33,090
Your name, your address, your e-mail address is information, the place you work, the organization

6
00:00:33,680 --> 00:00:38,750
in which you are currently employed or your work is information.

7
00:00:39,060 --> 00:00:41,400
Your password is information.

8
00:00:42,810 --> 00:00:51,750
So facts provided or learned about something or someone is nothing but an information. But what is

9
00:00:51,750 --> 00:00:54,660
an asset? When it comes to security,

10
00:00:54,660 --> 00:00:58,820
you always will get to learn about this word, asset.

11
00:00:59,280 --> 00:01:00,380
So what is an asset?

12
00:01:01,290 --> 00:01:09,930
An asset is an item, thing or an entity that has potential or actual value to an organization.

13
00:01:10,680 --> 00:01:18,390
Now, asset is something that is very valuable to an organization as it can be information, that is, a

14
00:01:18,390 --> 00:01:19,470
meaningful data.

15
00:01:19,860 --> 00:01:27,510
It can be a software or hardware, for example, when it comes to any idea that you design, that is

16
00:01:27,510 --> 00:01:28,440
an asset for them.

17
00:01:28,440 --> 00:01:28,770
Right.

18
00:01:29,040 --> 00:01:31,240
Which has something very important

19
00:01:31,270 --> 00:01:36,210
value is an asset. Then services, people.

20
00:01:36,210 --> 00:01:38,550
Yes, even people are assets.

21
00:01:38,550 --> 00:01:46,110
For example, consider a person who has worked in an organization for 15 years and now he has suddenly

22
00:01:46,110 --> 00:01:48,270
chosen to, you know, resign.

23
00:01:48,270 --> 00:01:55,950
So that is like losing the asset for the company, his brain, the way he worked or, you know, the

24
00:01:55,950 --> 00:01:56,970
way he operated.

25
00:01:57,300 --> 00:01:58,320
That is an.

26
00:01:59,730 --> 00:02:07,770
Assets can also be intangibles, for example, the reputation and the image of you or your organization.

27
00:02:08,130 --> 00:02:09,500
Yes, that is an asset.

28
00:02:09,510 --> 00:02:18,000
So basically, to sum up, asset is something that has an actual value to an individual or an organization.

29
00:02:18,960 --> 00:02:26,910
Now, there are a set of applications, services, information technology, assets, and there are specific

30
00:02:26,910 --> 00:02:30,730
asset controls for maintaining the asset.

31
00:02:31,140 --> 00:02:37,980
Now, according to ISO/IEC 27001, that is, information security management systems,

32
00:02:38,850 --> 00:02:44,270
there are four different controls for asset or control objectives for the asset.

33
00:02:44,610 --> 00:02:49,200
Don't worry, we are going to see the controls and the control objectives as well.

34
00:02:49,200 --> 00:02:56,490
But for the time being, let us foresee. Now, according to that, Annex A.8.1, which defines

35
00:02:56,490 --> 00:02:58,560
the responsibility of assets.

36
00:02:59,400 --> 00:03:05,560
How should one handle the assets and what are the different controls associated with the asset?

37
00:03:05,580 --> 00:03:12,960
So, for example, inventory of assets, which means the organization should identify the assets and

38
00:03:12,960 --> 00:03:20,430
define appropriate protection responsibilities that comes under all this control of inventory of assets.

39
00:03:21,120 --> 00:03:30,090
So if an auditor finds out that the protection responsibilities have not been defined, he will draft

40
00:03:30,090 --> 00:03:33,320
a nonconformity, saying that this control...

41
00:03:33,340 --> 00:03:34,680
Let me take my pen.

42
00:03:36,410 --> 00:03:43,040
This control has been violated because the inventory of assets they can't control is not present.

43
00:03:43,910 --> 00:03:51,860
Similarly, ownership of assets, which means the assets associated with the information and the information

44
00:03:51,860 --> 00:04:00,110
processing facilities shall be identified and an inventory of assets shall be drawn up and maintained.

45
00:04:01,070 --> 00:04:04,400
This is the inventory of assets. Now,

46
00:04:04,400 --> 00:04:10,310
ownership of assets: assets must be maintained in the inventory and they shall be owned.

47
00:04:10,310 --> 00:04:12,980
They shall be owned by an organization.

48
00:04:13,000 --> 00:04:19,490
There should be the person of the buyer, the receiver and the process that is being done with that

49
00:04:19,490 --> 00:04:20,080
asset.

50
00:04:20,870 --> 00:04:28,220
Then comes the acceptable use of assets, which means the rules for the acceptable use of information

51
00:04:28,640 --> 00:04:36,230
and of assets associated with information and information processing facilities shall be identified,

52
00:04:36,650 --> 00:04:41,750
documented and implemented. If there is a PC in your organization

53
00:04:41,750 --> 00:04:48,830
and if nothing about that book is present in any of the records, there is no point of having that use.

54
00:04:48,890 --> 00:04:52,850
The auditors will question the existence of that device, right?

55
00:04:53,270 --> 00:04:57,260
So this should be acceptable use defined of that asset.

56
00:04:57,570 --> 00:05:05,450
And finally, is the return of assets, which means all the employees and external party users shall

57
00:05:05,460 --> 00:05:12,590
return all the organizational assets in their possession upon the termination of the employment contract

58
00:05:12,590 --> 00:05:13,330
or agreement.

59
00:05:13,820 --> 00:05:19,580
For example, you have retired from your organization and your organization has been providing you with

60
00:05:19,580 --> 00:05:20,300
a laptop.

61
00:05:20,840 --> 00:05:23,870
So it is your responsibility to return those laptops.

62
00:05:23,870 --> 00:05:31,400
And according to this control, there shall be a process defined in order which the employee should

63
00:05:31,400 --> 00:05:39,590
return the asset to the organization because the laptop or the PC is an asset, is a valuable thing for

64
00:05:39,590 --> 00:05:40,730
that organization.

65
00:05:41,720 --> 00:05:43,390
Well, this is about this lecture.

66
00:05:43,880 --> 00:05:44,660
To sum up,

67
00:05:44,660 --> 00:05:46,610
we saw what is information.

68
00:05:46,610 --> 00:05:51,100
We saw the definition of information along with the definition of asset.

69
00:05:51,590 --> 00:05:53,890
We also saw the different types of asset.

70
00:05:53,900 --> 00:06:00,440
And finally we saw the different controls that are being applied to information security management

71
00:06:00,440 --> 00:06:03,520
systems when it comes to asset management.

72
00:06:03,980 --> 00:06:05,960
I will see you in the next lecture.