Expert Advice Community

Guest

Asset Type in the Information Asset Inventory

  Quote
Guest
Guest user Created:   Jan 24, 2020 Last commented:   Jan 24, 2020

Asset Type in the Information Asset Inventory

In your book you state ".. processes are not part of the asset inventory ..".

And I cannot find processes in the predefined categories of the table in 05.1 of your doc framework.

What is the reason for this? Are processes handled somehow separately? Or is it because we just should take into account the assets the processes consist of?

0 0

Assign topic to the user

ISO 27001 RISK ASSESSMENT AND RISK TREATMENT METHODOLOGY

Define main rules for risk assessment and treatment.

ISO 27001 RISK ASSESSMENT AND RISK TREATMENT METHODOLOGY

Define main rules for risk assessment and treatment.

Expert
Dejan Kosutic Jan 24, 2020

The reason for not including the processes in the risk assessment methodology and templates is that we have based our risk assessment on the so-called "asset-based approach". This approach is the mainstream in the information security world because it provides the best balance between the precision of results and the amount of effort.

It is not recommended to mix assets with processes because this will only confuse things - the most optimal way is to go with asset-based approach. 

Therefore, you should only use the assets that your processes consist of. 

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 24, 2020

Jan 24, 2020