Asset inventory and risk analysis
Which tool and approach can I use to make my asset inventory and risk analysis in order to see which controls I need to put in place?
I’m assuming you are asking for tools and approaches for asset inventory and risk analysis.
Considering that, it is our policy not to make recommendations about tools or technologies.
Regarding the approach for risk analysis, the most common approach used for information security based on ISO 27001 is the asset-threat-vulnerability approach.
For more information, see:
- ISO 27001/ISO 27005 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
- ISO 27001 risk assessment: How to match assets, threats, and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
- How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment
To see a template of risk assessment compliant with ISO 27001, see this link:
- Risk Assessment Table https://advisera.com/27001academy/documentation/risk-assessment-table/
As for asset inventory, ISO 27001 does not prescribe an approach for asset inventory. Actually, the inventory of assets is not needed, especially when companies are implementing the standard for the first time - it is enough to develop a list of assets for the Risk assessment, and once this is done this list is simply copied to Inventory of assets.
To see a template of inventory of assets compliant with ISO 27001, see this link:
- Inventory of Assets https://advisera.com/27001academy/documentation/inventory-of-assets/
This article will provide you with a further explanation about the inventory of assets:
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
These materials will also help you with these activities:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- The basics of risk assessment and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
- ISO 27001:2013 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Jan 13, 2021