Transcription  
One of the core components of your risk assessment will be the documentation around your assets. We obviously think about computers as an asset that can affect our cyber security posture. But there are more than just computers, there are some virtual systems sometimes that are going to be considered assets. The people that work in your organization. Your physical locations, wherever people are working from. Data repositories and databases and other data stores that you have throughout your systems are considered assets. Processes within your organization that, if damaged or compromised, could potentially affect your cyber security posture. So, identifying these assets and creating an inventory is a very, very important central issue that you have to have in place in order to broaden out and start thinking about the risks to those assets. You can’t possibly protect your organization if you don’t understand the assets that you have in place. One of the fines that was levied against a company that had not conducted a proper risk assessment was an organization that had failed to include a very critical server within their risk assessment. So, being very careful to include anything that could possibly contain critical information or impact your security needs to be part of the inventory that you document.