The inception of security activities is a clear picture of assets you must protect. It was recognised thousands of years ago and first time documented by Sun Tzu in his book "The art of war" in the 5th century BC. Since then, nothing changed. You cannot protect what you did not know you had to protect. Being you a student or a CISO of a multinational company, the principle remains the same. Strangely, so many people forget this. Or maybe avoid? It seems to be one of the most painful things to do because of the variety of assets you consume. Can you list all your user-accounts? All places with your data? All devices at home? All servers and network equipment in the organisation? Unfortunately, it's also complicated by the fact that this is not a one-time task, and you need to know your assets at any given time.