Asset register
Assign topic to the user
The application has many components which I assume we would classify as underlying assets. In your Excel worksheet, you have Category of asset, Tool for delivery of service, Underlying assets, Category of underlying asset, Asset name, Asset owner, Risk owner etc.
If I was to classify the application in the worksheet, would I do the following:
Category of asset: Applications and databases
Tool for delivery of service: XXXX
Included features within tool: Here I would list the various modules of the application, e.g. Online access, User Interface, Reports etc
Infrastructure /Server(s) name: Here I would list the names of servers that are used to host the application
Underlying assets: If the application consists of server databases sitting on XX X servers, plus XXX servers would these be classed as underlying assets.
Category of underlying asset: For category of underlying asset, I assume that I would class the XXX Servers as Operating Systems and the XXXX Servers as Database Applications. In the same way, I would classify XXXX as an Operating System and XXXX as a development tool.
Asset Owner and Risk Owner: I assume that I allocate risk owners here based on the technology involved. The Asset Owner in all cases may be the Operations Manager but the risk owners may be the Server Team and the DBA respectively.
So, in summary, if I classify “XXXX” as the tool for delivery of the service and allocate the many underlying components as underlying assets, is this the best approach.
Answer: An approach with this level of detail is not common for small companies in general, but it is not wrong (big companies may see it as adequate). The main question you should consider here is if this level of detail is really necessary for you to manage the risks efficiently.
This article will provide you further explanation about asset register:
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
Comment as guest or Sign in
Feb 22, 2018