Assets Inventory
I have a question to Assets Inventory:
When describing Software, should we go detailed and list every important software which we have, or just list that generally, grouping like in sample excel:
application software (licensed)
freeware; shareware
system software
various tools
databases
Assign topic to the user
ISO 27001 does not prescribe a detailed level for assets, so organizations can define the detail level that best suits them. This is generally a balance between the administrative effort and the need for information to ensure proper security. For example, you do not need to record organizations notebooks as individual assets (you can add an asset called "notebook"), but if they have specific purposes with different risk levels you can use specific assets like "notebook", "development notebook", and "finance notebook". The same concept applies to software.
For further information:
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
Comment as guest or Sign in
Aug 20, 2020