Hi friends,
Could you help me with the following question please?:
Is need or mandatory to perform a Gap Analysis before to begin the isms implementation? Its Gap Analysis is about the ISO 27002 controls? Or about the requirements of the ISO 27001?
Which is the best way to perform this activity? based in the CMMI?
Thanks so much.
Best regards.
Assets value
Hi community, I have the following doubt:
How you assess the value of an asset regarding the Confidentiality, Integrity and Availability? You do a average among these values?
For example, if in my asset's qualitative analysis I assign 5 in confidentiality, 3 in the integrity and 1 in availability, which would be the asset value?
5+3+1/3 = 3
or
5 because is the highest value??
Or, Which way do you recommends for compliance with the ISO?
Thank so much.
Best regards