Get 2 Documentation Toolkits for the price of 1
Limited-time offer – ends March 28, 2024

Expert Advice Community

Guest

Asset inventory issues

  Quote
Guest
Guest post Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

Asset inventory issues

Hello Dejan, I wish you happy and healthy new year ! I have a question in regards to some assets in the asset inventory We have Confidential waste bins, shredders and Lockable filing cabinets as assets, however we think that they are more controls to protect documents than Assets to be protected. For Lockable filing cabinets, it could be related to the control 11.3.3 Clear desk and clear screen policy For Shredders and Confidential waste bins, they could be related to the control 10.7.2 Disposal of media What do you thnk about this approach!
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Guest
DejanK Jan 12, 2016

Kaoutar,

You could view them as controls instead of assets, but this way you could miss some threats and vulnerabilities directly related to such controls - e.g. confidential waste bins could be placed in positions where they are accessible to too many people; lockable filing cabinets might have weak locks, etc.

Therefore, I would advise to view them both as assets and as controls. Such duplication won't add significantly to your risk assessment job, but it will certainly increase the quality of results.

By the way, the controls you are referring to are from old 2005 revision of ISO 27001. Controls from new ISO 27001:2013 are as follows:
- A.8.3.2 Disposal of media
- A.11.2.9 Clear desk and clear screen policy

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2016

Jan 12, 2016

Suggested Topics