
Tag: "assets" - Expert Advice Community




  • Assets and Risks

    Is it a fairly standard procedure, when considering risk assessment, to follow this idea:

    List all the assets, which will include buildings, servers, networks, HR data, payroll data, pension data, training records, etc.

    Apply a standard set of threats to each and every asset regardless of whether it's a physical asset or an information asset (e.g. environmental, deliberate external asset compromise, deliberate internal, accidental internal, loss of staff, etc.). (In this example we'd apply the 5 threats to each asset to generate the risks, i.e. the 7 assets listed would yield 35 risks.)

    Score the risks and generate the treatment plan

    Is it overkill to list each data type? Should we just list the threats against the 3 or 4 data classification types as well as the physical assets?


    Any advice greatly appreciated.