Guest
Assets to consider in an inventory
With regard to my risk assessment approach I am preparing the asset (inventory) table. I have listed the classic assets such like clients, mobile phones, infrastructure, servers, suppliers etc. But, I am note sure to what extend I need to compile assets which are also safeguards already implemented, such as secure VPN, physical and virtual firewall solutions, anti-virus software etc. Shall I define them as assets and make the risk analysis accordingly, although these assets are the consequence from a previous risk check?
Expert
Rhand Leal
Jan 04, 2017
Answer: Even though these assets are consequences from previous risk assessments, you should include them in your asset inventory and perform the risk assessment on them, because as new elements in your environment they also add new risks to it (e.g., improper maintenance can lead to outdated anti-virus and firewall rules, etc.). Additionally, by including them on the inventory of assets, you make your task of identifying who is responsible for them easier.
This article will provide you further explanation about inventory o f assets:
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
These materials will also help you regarding inventory of assets:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own http://advisera.com/books/secure-simple-a-small-business-guide-toimplementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course http://training.advisera.com/course/iso-27001-foundations-course/
Comment as guest or Sign in
Jan 04, 2017
Jan 04, 2017
Jan 04, 2017