Asset handling in risk assessment
Thanks for the support and information you are giving us. I am now doing the risk assessment and I have a question for you. So we have different Asset owners and let's say they all have laptops. So do I need to put every laptop and its associated risks, threats, and vulnerabilities or I just categorize it as laptops?
Assign topic to the user
ISO 27001 RISK ASSESSMENT AND RISK TREATMENT METHODOLOGY
Define main rules for risk assessment and treatment.
Get it now 
ISO 27001 RISK ASSESSMENT AND RISK TREATMENT METHODOLOGY
Define main rules for risk assessment and treatment.
Get it now
ISO 27001 RISK ASSESSMENT AND RISK TREATMENT METHODOLOGY
Define main rules for risk assessment and treatment.
Get it now
In cases like this, you can use a single item like "corporate laptops" to refer to all laptops in your organization in the risk assessment process. Please note that, if you have a situation where different groups of laptops need to be treated differently, you can adopt multiple items, like "development laptops", "management laptops", etc.
Comment as guest or Sign in
Oct 31, 2019