Hi community, I have the following doubt:
How you assess the value of an asset regarding the Confidentiality, Integrity and Availability? You do a average among these values?
For example, if in my asset's qualitative analysis I assign 5 in confidentiality, 3 in the integrity and 1 in availability, which would be the asset value?
5+3+1/3 = 3
or
5 because is the highest value??
Or, Which way do you recommends for compliance with the ISO?
Thank so much.
Best regards
ISO 27001/ISO 27002 vs COBIT
Understanding the organization and its context
Customer environment
Internal audit
ISO 27001:2013 and PDCA
Locking a computer
Implement ISO 27001
DR site
When we want to assess the capability of DR site for recovery of business activities what we need to take into consideration (organisation, processes, technology,…)