
Tag: "assets" - Expert Advice Community


  • Risk Assessment of Assets

    Hello

    As part of compliance with the NIS Regulations we are identifying assets, grouping them and then Risk Assessing them as a group. Our aspiration is to implement ISO27001 in the future so I am thinking this is an opportunity to get our Risk Assessments aligned to the standard. I am guessing for ISO27001 we would have to risk assess the individual assets rather than as groups?

    So, rather than risk assess

    Core Network
    VMWare
    Business Systems
    Desktop Applications

    Would we need to risk assess as follows?

    Core Network
    VMWare
    Business System 1
    Business System 2
    Business System 3
    Business System 4
    Business System 5
    Desktop Application 1
    Desktop Application 2
    Desktop Application 3
    Desktop Application 4
    Desktop Application 5

    Thanks
    Lee
  • Assets and Risks

    Is it a fairly standard procedure, when considering risk assessment to follow this idea:

    List all the assets which will include buildings, Servers, Networks, HR data, payroll data, Pension data, training records etc

    Apply a standard set of threats to each and every asset regardless of whether it's a physical asset or an information asset (e.g. Environmental, deliberate external asset compromise, deliberate internal, accidental internal, loss of staff etc.) (In this example we'd apply the 5 threats to each asset to generate the risks, i.e. the 7 assets listed would yield 35 Risks)


    Score the risks and generate the treatment plan


    Is it overkill to list each data type? Should we just list the threats against the 3 or 4 data classification types as well as the physical assets?

     

    Any advice greatly appreciated.