Asset inventory issues
Assign topic to the user
Kaoutar,
You could view them as controls instead of assets, but this way you could miss some threats and vulnerabilities directly related to such controls - e.g. confidential waste bins could be placed in positions where they are accessible to too many people; lockable filing cabinets might have weak locks, etc.
Therefore, I would advise to view them both as assets and as controls. Such duplication won't add significantly to your risk assessment job, but it will certainly increase the quality of results.
By the way, the controls you are referring to are from old 2005 revision of ISO 27001. Controls from new ISO 27001:2013 are as follows:
- A.8.3.2 Disposal of media
- A.11.2.9 Clear desk and clear screen policy
Comment as guest or Sign in
Jan 12, 2016