Assets, in terms of cybersecurity, are systems within a network that can be interacted with and potentially expose the network or organization to weaknesses that could be exploited and give hackers a way to escalate their privileges from standard user access to administrator/root-level access or gain remote access to the network. It is important to mention that assets are not and should not be limited to technical systems. Other forms of assets include humans, physical security controls, and even data that resides within the networks we aim to protect.

Assets can be broken down into three categories:

• Tangible: These are physical things such as networking devices, computer systems, and appliances.
• Intangible: These are things that are not in a physical form, such as intellectual property, business plans, data, and records.
• Employees: These are the people who drive the business or organization. Humans are one of the most vulnerable entities in the field of cybersecurity.

One key step in vulnerability assessment and risk management is to identify all the assets within an organization. All organizations have assets that need to be kept safe; an organization's systems, networks, and assets always contain some sort of security weakness that can be taken advantage of by a hacker. Next, we'll dive into understanding what a vulnerability is.