Expert Advice Community

Guest

Assets valuation and the information classification policy

  Quote
Guest
Guest user Created:   Nov 14, 2016 Last commented:   Nov 14, 2016

Assets valuation and the information classification policy

Regarding 27001 information classification policy, if we are to implement the information classification policy using this purchased document, how we are to factor assets?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Nov 14, 2016

Answer: I assume you are referring to how to valuate an asset, considering the information it handles. A direct answer would be using the results of the risk assessment, i.e. the higher the impact you identified for a particular asset, the higher level of classification you should use.

This article will provide you further explanation about risk assessment:
- How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment

This article will provide you further explanation about information classification:
- Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/

These materials will also help you regarding risk assessment and information classification:
- B ook Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your
Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course
https://advisera.com/training/iso-27001-foundations-course/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Nov 14, 2016

Nov 14, 2016