Towards More Structured Information Asset Identification Approach for Risk Assessment Methods : Using Genre Based Method

Abstract: Information asset identification is a preparatory phase in every risk assessment method which makes the basis for identifying risks associated to those assets. Current risk assessment methods have deficiencies to provide a structured approach towards identifying information assets. They take a stance of what an information asset is than how to identify one. On the other hand they ignore dynamic work environment to acknowledge employees as the knowledgeable entities within the organization. Although current literature enumerates current risk assessment limitations with respect to their approaches towards information asset identification, but it lacks a systematic approach to map information assets. In this research we proposed that Genre Based Method (GBM) can fulfil the gap. For this reason we utilized GBM into a lightweight risk assessment method, OCTAVE Allegro. The proposed method was tried out by two CISOs and one Principal located in three different companies. It was suggested that GBM could be used in parallel with OCTAVE Allegro during the information asset mapping with the help of producers and users of information (PUI) or their representatives. PUI entities participate in a social debate to scrutinize genres in which they transfer information with the help of supported tools like diagonal matrix and genre worksheet. Further on, identified information assets are fed into OCTAVE Allegro for further risk assessment. The result shows that GBM’s supported tools and guidelines can identify channels of communication where there is a potential leakage. This paper therefore suggests that GBM can facilitate enumeration of information assets through channels of communications or genres.