Assign topic to the user
Answer: You are right in your assumption to substitute the mention of all single employees by a single term, but the correct one to be used is "asset user", because this term establishes that the person who handles the laptop in a given moment is the one responsible for its security. Defining "all employees" as an asset owner is the same as defining that no one is responsible for it.
This article will provide you further explanation about asset management:
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
Also in the video tutorials that came with your toolkit, you can see examples of how to fill out all the data for Risk assessment and Risk treatment.
Comment as guest or Sign in
Mar 21, 2017