Expert Advice Community

Home / ISO 27001 & 22301 / Assessing risks for laptops as separate assets?

Guest

Assessing risks for laptops as separate assets?

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   Aug 30, 2016 Last commented:   Aug 30, 2016

Assessing risks for laptops as separate assets?

ISO 27001 & 22301
Consider the following: Laptop (CEO), Laptop (employee), Laptop (middle management). If I am considering e.g. the threat “unauthorized access to information” and “mobile equipment subject to theft” as vulnerability, the likelihood and the consequences are very different for these 3 types of employees. My question is: should I analyze them as different assets?
0 0

Assign topic to the user

ISO 27001 RISK ASSESSMENT TABLE

Implement risk register using catalogues of vulnerabilities and threats.

ISO 27001 RISK ASSESSMENT TABLE

Implement risk register using catalogues of vulnerabilities and threats.
Expert
Dejan Kosutic Aug 30, 2016

Answer: Yes - in this case you should use 3 different assets since they obviously have different vulnerabilities, threats, likelihood and impact. You should use one "asset class" only if all assets in that class have very similar vulnerabilities, threats, likelihood and impact.

By the way, this free online training explains the details about risk assessment: ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Aug 29, 2016

Aug 29, 2016

Suggested Topics
Atheer AlMartan Created:   Feb 11, 2024 ISO 27001 & 22301
Replies: 1
0 0

Statement of Acceptance of Residual Risks
Guest user Created:   Aug 10, 2023 ISO 27001 & 22301
Replies: 1
0 0

What asset to list when Risks relate to general or high-level assets?
Guest user Created:   Mar 27, 2023 ISO 27001 & 22301
Replies: 1
0 0

Questions about information security risks ISO 27001