An asset is anything of value that may require protection. Such assets may be tangible (physical property, equipment, cash, or cash equivalents) or intangible (goodwill, reputation, trademarks, patents, software, business processes).
In security theory, the word asset is used as the most general indicator of that which must be secured. A system with no value would not be worth attacking or defending. Analysis of risk mitigation or the cost effectiveness of any particular type of security control requires the ability to assign some sort of asset value to the data, systems, or processes needing protection. For most business purposes, it makes sense to follow standard accounting procedures and to measure asset value in dollars or some other common currency. However, from an IT security standpoint, there is nothing to prohibit a more general understanding of assets as anything that carry a value. For example, individuals may value privacy, without being able to put a specific dollar amount on it. That being said, however, penalties imposed on organizations for lax security tend to be financial in nature, so using cost accounting terms as a framework for security analysis is generally a useful procedure.
See also ARTS.