Your documents reference software as being an asset, shall I document client pcs software individually as an asset(office, adobe ,etc), group them as a business productivity apps category, or ignore them altogether?
Answer:
Yes, we reference the software in our templates as a type of asset, and from my point of view the best is to document and group the software in categories (operative system, office, database, etc.)
By the way, do you know how to match assets, threats and vulnerabilities? This article can be interesting for you ISO 27001 risk assessment: How to match assets, threats and vulnerabilities : https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
Comment as guest or Sign in
Jan 12, 2016