Anything of value to an organization that needs protection, such as data, systems, people, or facilities.
In information security, an asset is anything worth protecting because it has value to the organization. Assets include information, software, hardware, services, people, and intangibles such as reputation.
An inventory of assets is foundational: you cannot assess risk to something you have not identified. Each asset typically has an owner who is accountable for its protection.
Related frameworks
KaitoSec