Defining the compromised asset is the easiest of the four As. There are no sub-elements, so every property is relevant. Assets whose ownership, authenticity, or usefulness to the legitimate user is affected by the incident are described here.

The following screenshot shows some of the pieces of relevant information required about compromised assets, with some of the available options:

Under variety, the different asset types have been broadly separated into six categories. This can be used to assist searching, sorting, and filtering, but the category itself should not be selected in isolation; an incident should not affect simply media, but should be as specific as possible (for example, media—flash drive). While it is not expected that operators will know the entire enumerated list, the six categories under variety should be known. For each sub-item, the category is denoted by a single character (S, N, U, T, M, or P). The assets listed here help other security analysts quickly determine which incidents or vulnerabilities may at some point be relevant to their own organizations. Some incidents affect multiple assets. If this is the case, these can be entered individually.