
Tag: "assets" - Expert Advice Community


  • Assets and Risks

    Is it a fairly standard procedure, when considering risk assessment, to follow this idea:

    List all the assets, which will include buildings, servers, networks, HR data, payroll data, pension data, training records, etc.

    Apply a standard set of threats to each and every asset regardless of whether it's a physical asset or an information asset (e.g. environmental, deliberate external asset compromise, deliberate internal, accidental internal, loss of staff, etc.). (In this example we'd apply the 5 threats to each asset to generate the risks, i.e. the 7 assets listed would yield 35 risks.)


    Score the risks and generate the treatment plan


    Is it overkill to list each data type? Should we just list the threats against the 3 or 4 data classification types as well as the physical assets?

     

    Any advice greatly appreciated.