Assigning value to assets
Answer: To assign value to an asset corresponding to confidentiality, integrity and availability, you should identify how each of these aspects of the asset influences the organization's objectives, results or operations.
It is important to note that assigning value specifically for confidentiality, integrity and availability is not required by the standard, and the most common practice is to attribute a single value for the asset, so your process does not become too complex.
2 - Who is responsible for assigning the high, medium and low scale to an asset?
Answer: The person responsible for assigning the classification of an asset is the asset owner, the person designated as responsible for the asset.
3 - Can you please specify the parameters on which low, medium and high are defined for an asset corresponding to CIA? With an example, can you please state the assigned value to an asset corresponding to CIA?
Answer: The parameters for defining the levels are particular to the context of each organization, but the most common are financial, legal, reputation and personnel. An example could be the strategic plan, for which a high level of confidentiality is required to ensure achievement of the organization's objectives and results.
This article will provide you further explanation about attributing values for aspects of risk management:
- How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment
These materials will also help you regarding assigning value to assets:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Feb 14, 2017