What they describe is an awareness and comprehension of company resources and assets. This is the bedrock for a thorough Governance, Risk, and Compliance (GRC) program, as these are the assets upon which risk assessments will be based, as well as the foundation for the company's governance strategy and compliance activity. It's important to understand what requires safeguarding - machines, technology and operations, but also databases and intellectual capital - so that investment and prioritization of security is made most effectively. Risk management can't be a blanket measure, but targeted at the things a company most values, and which are most at risk from compromise. And to get these departments involved in identifying these assets, the security professional can begin by creating cross-functional teams or committees comprised of representatives from IT, finance, human resources, operations and others. The teams could use these cross-functional meetings to conduct an asset inventory and assessment - leveraging the knowledge and expertise of each department in what assets they use or manage on a daily basis. Another way to raise awareness of asset identification and protection is by holding regular workshops or training sessions. Collective efforts like this encourage a broad understanding of the organization's