During the risk analysis stage, you should determine the value of your assets.

Hardware and software values are concrete, but some things are hard to quantify, for example, your data.

Consider these questions:

  • How do you determine the value of a database file that you have been compiling for years?
  • How do you accurately assess the value of a customer list that you have been compiling from the time your company started?
  • How do you put a value on private information and trade secrets?

These may never have the correct dollar value assigned to them, but an attempt must be made.