Risk Assessment Table
Assign topic to the user
You can merge them into a single asset type - as you mentioned "Employee laptops".
In the video, you also mention that in the merge process, we should choose the highest overall score for each asset listed if there is overlap from many independent assessments done by independent asset owners. This conflicts with my original intuition: If an asset has multiple vulnerabilities, I originally assumed we should include the same asset multiple (potentially many) times in the Risk Assessment table, not just the highest.
You should include all the threats and vulnerabilities related to these assets that are merged, however for the level of impact and level of likelihood you should take the highest score from all the asset owners - this way you won't lose any information, and you will be aware of the worst case scenario.
Comment as guest or Sign in
Feb 26, 2016