Guest
Assessing risks for laptops as separate assets?
Consider the following: Laptop (CEO), Laptop (employee), Laptop (middle management). If I am considering e.g. the threat “unauthorized access to information” and “mobile equipment subject to theft” as vulnerability, the likelihood and the consequences are very different for these 3 types of employees. My question is: should I analyze them as different assets?
Assign topic to the user
Expert
Dejan Kosutic
Aug 30, 2016
Answer: Yes - in this case you should use 3 different assets since they obviously have different vulnerabilities, threats, likelihood and impact. You should use one "asset class" only if all assets in that class have very similar vulnerabilities, threats, likelihood and impact.
By the way, this free online training explains the details about risk assessment: ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Aug 29, 2016
Aug 29, 2016
Aug 29, 2016