In order to determine what the best value that should be assessed when evaluating the worth of an information asset depends on the organization. Both replacement costs and lost income while repairing or replacing are critical aspects of an organization. Determining what value an organization focuses on depends on the organization itself and the situation. If the replacement costs are very expensive, then organizations will focus less on lost income. If the situation is the reverse, then the organization should focus on the lost income while repairing/replacing. 

While performing a risk assessment, a numeric value is added to a vulnerability. The lower the numeric value, the less consideration is required when dealing with the vulnerability. When the vulnerabilities numeric value reaches 0, there is no more consideration required (Kassa, 2017).

Kassa, S. G. (2017, May 1). IT Asset Valuation, Risk Assessment and Control Implementation Model. Retrieved October 20, 2020, from https://www.isaca.org/resources/isaca-journal/issues/2017/volume-3/it-asset-valuation-risk-assessment-and-control-implementation-model