Information Resource Valuation

In every organization, there are critical resources that must be identified and protect in order to support the organization's business functions. Every identified asset must be valued, and an asset value can be either tangible or intangible.

A tangible asset value is one that has an assigned monetary value and has a physical presence within the organization. The asset is valued based on its original cost minus depreciation. For example, how much would it cost to replace a web server?

An intangible asset value is one that is not physical, and it is hard to assess a monetary value to it. Therefore, when an organization wants to assess the value of an intangible asset, the organization should hire a financial professional. Examples of intangible asset value include trademarks, brand recognition, intellectual property, or patents.

Because risk is a cost-weighted measure of vulnerability, planners assign cost factors to recognized vulnerabilities according to the impact each might have on the organization's employees, facilities, customer base, or key business processes. An impact analysis with more specific categories might be developed to any arbitrary degree of detail using the many analysis tools available. A notional risk analysis tool may produce total risk scores by extending the previous vulnerability analysis.

In the example presented in the table below, cost factors and relative likelihood scores are multiplied across the vulnerability from left to right to quantify the risk associated with each specific vulnerability. In this analysis, a cost factor of 1 equates to "no effect." The far right column displays the total risk score. BP1, BP2, and BP3 stand for business processes 1, 2, and 3, respectively.

Example of Aggregate Risk Analysis Summary
Risk Analysis EmployeesFacilitiesCustomersBP1BP2BP3Total Risk
ThreatRelative LikelihoodCostCostCostCostCostCostTotal Risk
VFLOOD4N313112118
VFIRE2Y332141172
VFIRE4Y112122216
VPOWER3Y22234421152
Source: UMGC course IFSM432

Cost factors representing the impact analysis for individual vulnerabilities are another area where you rely upon subjective judgments. For any given threat event, the impact on employees can range from a minor inconvenience, to financial difficulty, to injury, or even death. Similarly, disruption to a facility may prompt a simple safety inspection, a small repair, large-scale remodeling, or an entire demolition and reconstruction operation.

Due to natural interdependencies among employees, customers, suppliers, facilities, and equipment, a seemingly small vulnerability may end up disrupting one or more business processes. Therefore, planners must strive for a well-reasoned impact analysis for each specific vulnerability.

Check Your Knowledge

Choose the best answer to each question:
Question 1
Disruption to a facility may prompt a simple safety inspection, a small repair, large-scale remodeling, or an entire demolition and reconstruction operation.
True
False
Question 2
Due to natural interdependencies among employees, customers, suppliers, facilities, and equipment, a seemingly small vulnerability may end up disrupting one or more business processes.
True
False
Question 3
A tangible asset value is one that is assigned a monetary value and has a physical presence within the organization. The asset is valued based on its original cost.
True
False
Question 4
An intangible asset value is one that is not physical and it is hard to assess its monetary value. Therefore, it is recommended that the organization hire a financial professional to assess.
True
False
Question 5
Cost factors representing the impact analysis for individual vulnerabilities are another area where we rely upon objective judgments.
True
False