I need to build an asset and a risk register. I think I understood the concept but I'm having some difficulties drawing an Excel file.
Understand that there are primary assets (processes, information) and supporting assets (PCs, SW, Site, etc)
1 - Should all these assets be included in the same column, having for example the categorization in another column or should I have 2 different tables, with a relation between supporting assets and primary ones?
2 - Are the threats and vulnerabilities related to supporting assets and thus impacting the related primary assets? How should this be mapped in an Excel file?