| 1 | | Attritube ID (unique descriptor) | | | | | Description of Asset: Sufficiently descriptive to be meaningful to any legitimate user | | | Location(s): Identify all physical and virtual locations of the information resource | | | Asset owner: Identify the individual, group, or organization that who owns the asset. If ownership unclear, explain. | | | Threats: Identify possible threats to the asset and threat actors of concern | | | Likelihood of Threat(s) (1-10): Best guess on the likelihood of encountering the threats, 1 = not at all likely, 10 = fully expected | | | Confidentiality Assessment: Descriptive statement about the impact of a loss of confidentiality (limited access / privacy) of the asset. | | | Integrity Assessment: Descriptive statement about the impact of a loss of integrity (trustworthiness) of the asset | | | Availablity Assesement: Descriptive statement about the impact of a loss of reliable access to an asset. | | | Current protections: Describe how the asset is currently protected. | | | Additional protection options: Describe other known protection options, including technologies and / or processes, that may provide more or different protection of the asset | | | Protection decision: Describe the current protection for the asset any why that was decision chosen. | | | Open vulnerabilities: Describe known weaknesses in how the asset is currently being protected and why this vulnerability is being allowed to exit. | | | Protection priority (1-5): Subjective assessment of the importance of protecting the asset. 1 is highest and 5 is lowest. | | |
