Protection-of-information-assets reflect the development and deployment of security controls to support ISG. Commonly, protection-of-information-assets require implementing:
- Logical Access Controls
- Network Infrastructure Security
- Physical Access Controls
- Risk Analysis Processes
- Environmental Controls
- Confidentiality Life Cycle Controls
Based on assessed risk, once information security management ratifies information resources protection requirements, information security baselines can be developed and deployed. Safeguarding baselines vary depending on asset sensitivity, criticality, and/or impact. However, minimally, information assets should be protected against misuse, abuse and destruction. When implemented, information assets protection baselines can be expressed as technical, operational and managerial standards applicable throughout the entity.