The Assets section in the Risk Assessment allows you to add, remove and evaluate the Assets within the specific Assessment. To add an asset to the Assessment, click the yellow ‘+’ icon at the top of the Asset list: Note: Before adding Assets to the Assessment, you must first create the Asset and add it to your organizations Business Entity. Only Assets that have been associated with the Business Entity that the Assessment was created against will appear in the Asset selection dialog. Select one or more Assets from the Asset selection dialog and click OK. If you had already added Risks to the Asset within the Common Asset section in RM Studio, those risks will appear in the associated Risks list for the Asset. Otherwise, you can add Risks to the asset within the Assessment. See the next section on Adding Risks. You must also choose who’s responsible for that Asset. According to the ISO 27002 Standard, a Responsible Person (Owner) must be registered for all information Assets in addition to assessing their Confidentiality, Integrity and Availability. The Responsible Person cannot be the Business Entity itself, but must be a specific individual who is registered under a name or job position. Then you can select an operator. The Responsible Person and the Operator need not be the same person. The Operator is also selected from a drop down list. The System Administrator can be the Operator, while the head of the IT division is the person Responsible for the Asset. 6.1.2.Adding Assets to the Risk Assessment