Expert Advice Community

Asset and Risk management

Guest user. Created: Aug 09, 2018. Last commented: Aug 09, 2018


1 - In the asset inventory, is it wiser to define a person or a team as the asset owner? For example: XXXXXX, two persons of the ICT team are the senior admins, but neither is the team leader. My solution would be to specify the team leader as the asset owner in the asset inventory and make a link to an external competence matrix.
Expert: Rhand Leal, Aug 09, 2018

Answer: An asset should have only one owner. The owner is normally a person who operates the asset and who makes sure the information related to this asset is protected. You can define a role as the asset owner and make a link to an external competence matrix.

This article will provide additional information:
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/

2 - Different kinds of contracts: supplier contracts, rental contracts, parking contracts, customer contracts... Do we have to list all of these contract groups, or can we list them simply as contracts?

Answer: If these contracts have similar clauses, you can list them simply as contracts. For those which have specific clauses, you should list them separately, because such different clauses may require different approaches when defining risk treatment.

3 - What are common combinations of threats and vulnerabilities for documents?

Answer: Common threats and vulnerabilities related to documents, either for paper or electronic documents, are:
- Compromising confidential information (threat)
- Destruction of records (threat)
- Disclosure of information (threat)
- Falsification of records (threat)
- Industrial espionage (threat)
- Disposal of storage media without deleting data (vulnerability)
- Inadequate or irregular backup (vulnerability)
- Inadequate physical protection (vulnerability)
- Inadequate segregation of duties (vulnerability)

Any combination of the above threats and vulnerabilities may represent a risk to your organization's information.

These articles will provide you with more information about threats and vulnerabilities:
- Catalogue of threats & vulnerabilities https://advisera.com/27001academy/knowledgebase/threats-vulnerabilities/
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
