One of our primary assets is our customer data which must be kept private. This data is primarily stored in an SQL database, but can also be found in printed form, email, staff member’s brains etc.
Since the customer data can take on so many forms the risks are relevant only to the form in which it takes.
So rather than list “customer data” as an asset, would I list each form of the data as separate assets i.e.
- Customer data in SQL database
- Customer data accessible by web application
- Customer data in printed form
- Customer data transmitted verbally
- Customer data in the minds of employees