Security asset inventory
Assign topic to the user
For a smaller company it is much quicker if the assets are listed during the risk assessment process - first the assets are listed, then relate threats and vulnerabilities to those assets. Essentially, the same effect is achieved as you suggested.
For further information, see:
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
Comment as guest or Sign in
Jan 13, 2022