One of the first components of risk identification is identification, inventory, and categorization of assets, including all elements, or attributes, of an organization's information system.  List and describe these asset attributes.

What will be an ideal response?

People comprise employees and nonemployees.?Procedures fall into two categories: IT and business standard procedures, and IT and business-sensitive procedures.?Data components account for the management of information in all its states: transmission, processing, and storage.?Software components are assigned to one of three categories: applications, operating systems, or security components.?Hardware is assigned to one of two categories: the usual systems devices and their peripherals, and the devices that are part of information security control systems.?Hardware components are separated into two categories: devices and peripherals, and networks.