Asset inventory and the risk links

Assets capture the "what" you're protecting: servers, laptops, databases, applications, facilities, data sets. Record classification (internal/external), criticality (low/medium/high), network details (IP, hostname, serial), and lifecycle dates (purchase, warranty expiry).

The asset ↔ risk link is the one that pays the most in real audits and incident response:

• From the asset detail, link every risk that affects it.
• Now "show me every risk associated with our customer database" is one click.
• Incident response also benefits — when an incident is linked to a risk, the asset-side query tells you what else that risk touches.

Assets can also be referenced from vulnerabilities — a CVE row can cite the affected asset directly.