Disaster Planning and Vulnerability Assessment

The U.S. Department of Energy (2002) provided a perspective on risk management as a process that emphasizes an enterprise-wide approach to critical asset identification:

"It is important to use an approach that evaluates all the important corporate assets against a common (across the enterprise) set of criteria. The result is a uniform enterprise-wide prioritization, rather than a business unit by business unit prioritization. This uniformity avoids the disparity in ranking that frequently develops when each business unit conducts its own prioritization. It also provides uniform treatment to common assets such as communications and information technology (IT) networks services."

"Identifying asset criticality is a vital element of assessing and managing risk. A typical security based risk management process is depicted [in Figure 1 below]."

Figure 1: Example Risk Management Process

(U.S. Department of Energy, 2002)

"Identification of asset criticality serves several functions:

  • It enables more careful consideration of factors that affect risk, including threats, vulnerabilities, and consequences of loss or compromise of the asset.
  • It enables more focused and thorough consideration of risk mitigation options.
  • It enables leaders to develop robust methods for managing consequences of asset loss (restoration).
  • It provides a means to increase awareness of a broad range of employees to protect truly critical assets and to differentiate in policies and procedures the heightened protection they require."
