Assets valuation and the information classification policy
Assign topic to the user
Answer: I assume you are referring to how to valuate an asset, considering the information it handles. A direct answer would be using the results of the risk assessment, i.e. the higher the impact you identified for a particular asset, the higher level of classification you should use.
This article will provide you further explanation about risk assessment:
- How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment
This article will provide you further explanation about information classification:
- Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
These materials will also help you regarding risk assessment and information classification:
- B ook Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your
Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course
https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Nov 14, 2016