Cyber Security Strategy: Step 1 – Identify Your Assets

With cybercrime a real risk for every business every day, cyber security should be a priority. A cyber security strategy can help you to manage the risk. However, one of the biggest challenges is knowing where to start.

It is critically important to recognise that the development of a cyber security strategy needs to be driven by executive and senior leadership.  Cyber is not just an IT issue, it is a whole business issue.

There are many different articles written on this topic, but many neglect what we consider is the essential first step – identifying your assets. Instead, the articles recommend jumping right into the next stage – protect your assets.

We ask, how can businesses protect something if they don’t know anything about where it is, who has access to it and how it is

We see there are four key stages to establishing a cyber security strategy – identify, protect, detect and respond/recover. This article describes the first step. Future blog articles will look at the other steps.

The process of asset identification needs to concentrate on information security — the systems that hold the information and the devices that contain information that could be compromised.

Every business should know where its information assets are, who has access to them and how they are accessed.  Importantly, every business should be aware of any vulnerabilities.

To help with this, here’s some questions of the questions you should be asking:

  • Have we identified what our highest priority information is?
  • Where is our critical information held?
  • Who has access to it?
  • How is it secured?
  • How can they access it?
  • What are the risks around our IT systems and information?
  • What are the vulnerabilities around our IT systems and information?

Critical types of information that businesses may have include:

  • Intellectual property – including designs and patents
  • Tax file numbers
  • Medical records
  • Personal details
  • Building plans
  • Financial transaction data
  • Client records
  • Employee records
  • Trade secrets… and more.

The key to success in identifying assets is not to do it on your own. The risks of cyber-attack is too great and the consequences could be devastating. Instead, we encourage you to engage an expert to assist you in identifying your information assets and designing a suitable cyber security strategy.

Read the other Cyber Security Strategy blogs in this series:

Cyber Security Strategy: Step 2 – Protect Your Assets

Cyber Security Strategy: Step 3 – Detecting and Identifying a Breach

Cyber Security Strategy: Step 4 – Responding to and Recovering from an Incident

If you need any assistance with your cyber security or managed IT services Brisbane wide, start by calling us on  1300 478 738 or email us at

Contact Us

This field is for validation purposes and should be left unchanged.

Find out how we can help with your IT challenges.

About the author:

Picture of Ash Klemm

Ash Klemm

Ash has over 20 years of experience in sales and marketing. His journey from a casual salesperson at Chandlers to State Manager at a national IT distribution company, while battling health issues, including a double lung transplant in 2015, gave him the experience, know-how, tenacity, and marketing insight, to find solutions and help businesses grow. After spending several years in the ivory tower of state management, Ash missed the genuine connection of face to face meetings and helping make a difference to businesses in need. His authentic, conversational, and easy-going nature helps our customers feel at ease and shows them we are a brand to trust. Ash spends his days advocating for our customers to ensure they receive the best possible service in a timely fashion. Ash is also the in house chair builder. His curiosity and natural problem-solving ability make him the perfect first call for all our new customers to help determine what is wrong, how Surety IT can help and what the best solutions are moving forward.
Scroll to Top