Assets inventory
If we take some examples of the asset list, we could easily do a risk assessment of the building or the server room and come to the same risks, e.g. threat: theft and vulnerability: inadequate procedure for protecting the “keys”, or threat: interruption of power supply, vulnerability: old “UPS” with no maintenance, etc.
I can come up with many other examples such as air-conditioning, alarm, etc., as the risks could be found with other related assets. How should we deal with this? I suppose it doesn’t matter? As long as we identify the risks?
Answer:
The lists provided in the templates are only suggestions for you to use if you can't come up with your own elements, so you can use only your own assets, threats and risks to build your inventory and risk assessment (it seems to me that by your examples you already understood the concepts for performing risk assessment).
It is important to note that you can also group the assets if threats/vulnerabilities are similar.
These articles will provide you further explanation about inventory and risk assessment:
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
Dec 06, 2018