Categorization of assets
Assign topic to the user
Examples: Would you say contracts are a primary asset or a supporting asset. How about job descriptions, NDA, SLA, DPA, Sales offers. Is there a good technique on how to categorize properly? In the risk assessment table template from Advisera, only suggested assets are listed.
Answer:
ISO 27001 does not prescribe asset categorization, so you do not need to implement further categorization than that is already provided on the suggested list of assets on the risk assessment table template (add such categorization will only unnecessarily complicate the process.).
Contract, job descriptions, NDA, SLA, and DPA are documentation, while sales offers is information (unless this refers to the name of a document)
This article will provide you further expl anation about asset register:
- How to handle Asset register (Asset inventory) according to ISO 27001https://advisera.com/27001academy/pt-br/blog/2016/10/25/onde-a-seguranca-da-informacao-se-encaixa-em-uma-organizacao/
Comment as guest or Sign in
Apr 13, 2019