Expert Advice Community

Guest

Asset register

  Quote
Guest
Guest user Created:   May 08, 2020 Last commented:   May 08, 2020

Asset register

I need to build an asset and a risk register. I think I understood the concept but I'm having some difficulties drawing an Excel file.

Understand that there are primary assets (processes, information) and supporting assets (PCs, SW, Site, etc)

1 - Should all these assets be included in the same column, having for example the categorization in another column or should I have 2 different tables, with a relation between supporting assets and primary ones?

2 - Are the threats and vulnerabilities related to supporting assets and thus impacting the related primary assets? How should this be mapped in an Excel file?

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal May 08, 2020

1 - Should all these assets be included in the same column, having for example the categorization in another column or should I have 2 different tables, with a relation between supporting assets and primary ones?

 ISO 27001 does not prescribe how to build the risk register, so you can define it as better fits your organization. The most common approach is to use a single table for all assets, all listed in a single column (you do not need to define them as primary and supporting assets).

2 - Are the threats and vulnerabilities related to supporting assets and thus impacting the related primary assets? How should this be mapped in an Excel file?

ISO 27001 does not prescribe a risk assessment approach, only that you have to define one, so from our experience you do not need to think assets in terms of primary assets and support assets (this would only make your assessment unnecessary more complex). You can just link threats and vulnerabilities to a single level of assets

To see how risk assessment looks like, I suggest you take a look at the free demo of our Risk Assessment Table at this link: https://advisera.com/27001academy/documentation/risk-assessment-table/

These articles will provide you a further explanation about assets and risk assessment:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

May 08, 2020

May 08, 2020