...

Documenting all your assets is the first step towards reviewing and understanidng understanding the relative value of your information assets to your business and the impact if they were lost, stolen, or damaged. Once you have identified which assets are most important (valuable) to your business, you can apply adequate protection and the appropriate security budget to them throughout their life cycle.

...

Are your assets on a local computer, ' cloud ' storage, on social media, a member of staff's computer, a USB stick, a database, or in a filing cabinet? Are they located at home, the main office, or in a storage unit?
If the asset is fixed, record the location.

• Mobile assets: If the asset is mobile, record who uses it on a day-to-day basis and where it is typically used; mobile assets may be governed more by ownership than location. It may also be possible to track portable assets through the use of mobile device management (MDM) software.

• An asset importance rating: The relative value and impact of losing the asset can be recorded using protective marking schemes. Common systems to record this include: [(high, medium, low]), [(public, confidential, secret]), or [(red, amber, green]).

• An asset owner: Having a named owner for each asset ensures that someone is accountable for the activities required to keep it secure. Information asset owners will set the rules around data assets, such as classification, who can access them, and retention periodsperiod.

Managing legacy

...

All software and hardware eventually becomes out of date. Continuing to use products beyond that point involves increased risk, or increased costs to mitigate those risks. Asset management can help organisations identify when systems will reach end of support and plan ahead.

The use of Bring your Own Devices ( BYOD)

...