Business and financial tasks are not exposed to unacceptable risk, why IT should be. Organisations are keen on assessing risks when it comes to financial and or strategic task in order to maximise gain, enhance market share and reduce risk. Despite these tasks are highly dependent on technology, yet IT risks are commonly ignored jeopardising accuracy, integrity, confidentiality and availability.Unprotected tools used to carry out business and financial tasks compromises the tasks performed using it. We know that assets are as weak as their weakest link. Therefore IT infrastructure must have the same level of confidence business and financial tasks usually receive.

A strategic risk assessment not only allows business to meet its objectives and grasp opportunities but also enable organisations to add value to core product and service, empowering business partners, protecting relationships and leveraging trust.Accurately classifying assets is an analogy to creating a firm foundation for a high-rise building. Understanding your assets and their value results in assigning the right control necessary to protect them.

Asset classification is an important first step in the process of risk assessment. However, we understand the challenges of successfully performing this task; business owners commonly believe that their assets are the most important but this view may not be shared with C level members.Creating the right balance between the different assets across the organisation is a key for effective protection. This will require a good understanding of business goals and objectives – designing the link between assets and crucial business activities.

A purely compliance-driven assessment may expose organisations to threats that are not yet addressed by the regulation. For example, ISO 27001 doesn’t cover cloud security and cybercrimes.Designing the right assets classification system will not only help identify organisation risk but will also conform to regulations. As there are many different standards and regulations it will be costly to address each separately. Adopting the right architectural design will provide sufficient flexibility to incorporate choice and change of policy, standards, practices, or legislation.