Assets with Multiple Threats

aduffield Created:   Mar 12, 2019 Last commented:   Mar 13, 2019

Hi there, I am in the process of building the Risk Assessment table and I have a couple of questions.

1. If an Asset such as a Desktop Computer has multiple threats such as it may be stolen, it may be infected with ransomware, etc., how do I express this in the table? Do I list the Asset again and again on the left for each Threat, or do I just put the Asset in once but put multiple Threats in individual cells, top to bottom?

2. Regarding listing 'Documentation' as an asset, would I need to list each type of documentation as individual assets or would I be ok to just have Documentation and then list each threat in individual cells, again top to bottom?

Thanks, Andy
Expert
Rhand Leal Mar 13, 2019
>1. If an Asset such as a Desktop Computer has multiple threats such as it may be stolen, it may be infected with ransomware, etc, how do I express this in the table? Do I list the Asset again and again on the left for each Threat, or do I just put the Asset in once but put multiple Threats in individual cells, top to bottom?

Answer: Although you can proceed either way, we recommend that you list the asset as many times as needed, i.e., once for each identified threat, because if you need to apply a filter or reorder the list and you listed the asset only once, you can lose track of the relation between threats and assets.

>2. Regarding listing ‘Documentation’ as an asset, would I need to list each type of documentation as individual assets or would I be ok to just have Documentation and then list each threat in individual cells, again top to bottom?

Answer: You can define a single asset called "Documentation", covering all types of documents, with no problem, but in case you have threats related to specific types of documents, it may be better to list those types as separate assets. One analogy is when you have the asset "notebook", covering all notebooks in the company, but you have specific risks applicable to R&D notebooks; then you may also use an asset called "R&D notebooks".

This article provides further explanation about the asset register:
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
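The filtering problem described in the answer above, as an added example that is not part of the original thread: a register that names each asset only once loses the asset on some rows after a filter and sort, while one row per asset/threat pair keeps every threat traceable. The risk scores, the two Documentation threats and all function names are constructed for illustration.

```python
# Constructed sample register in the "asset listed once" layout:
# follow-on threats sit on rows whose asset cell is blank.
# Risk scores are assumed values, not taken from the thread.
MERGED_LAYOUT = [
    {"asset": "Desktop computer", "threat": "Theft", "risk": 4},
    {"asset": "", "threat": "Ransomware infection", "risk": 9},
    {"asset": "Documentation", "threat": "Unauthorized disclosure", "risk": 6},
    {"asset": "", "threat": "Accidental deletion", "risk": 3},
]


def normalize(rows):
    """Return a copy with the asset repeated on every row (one row per pair)."""
    out, current = [], None
    for row in rows:
        # A blank asset cell inherits the most recent asset named above it.
        current = row["asset"].strip() or current
        if current is None:
            raise ValueError("first row has no asset name")
        out.append({**row, "asset": current})
    return out


def top_risks(rows, threshold):
    """Filter by risk score and reorder, as one would in a spreadsheet."""
    kept = [r for r in rows if r["risk"] >= threshold]
    return sorted(kept, key=lambda r: r["risk"], reverse=True)


def orphaned(rows):
    """Threats that can no longer be traced back to an asset."""
    return [r["threat"] for r in rows if not r["asset"].strip()]


if __name__ == "__main__":
    for label, table in (("asset listed once", MERGED_LAYOUT),
                         ("one row per threat", normalize(MERGED_LAYOUT))):
        view = top_risks(table, threshold=5)
        print(label)
        for r in view:
            print(f"  {r['asset'] or '<blank>':18} {r['threat']:26} {r['risk']}")
        print("  untraceable threats:", orphaned(view))
```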
