Expert Advice Community

Guest

CONFORMIO - Assets management

  Quote
Guest
Guest user Created:   Apr 29, 2021 Last commented:   Apr 29, 2021

CONFORMIO - Assets management

Please be so kind to clarify: given the fact that risk assessment in Conformio can be conducted based on groups of assets how we can assess each individual asset in Conformio? The same issue is applicable also for threats, vulnerabilities, likelihood, etc. Thank you in advance for the reply.

Assign topic to the user

ISO 27001 INCIDENT MANAGEMENT PROCEDURE

The basics of detection and response to security incidents.

ISO 27001 INCIDENT MANAGEMENT PROCEDURE

The basics of detection and response to security incidents.

Expert
Rhand Leal Apr 29, 2021

Please note that when you perform a risk assessment on a group of assets it means that they share the same risk characteristics, like threats, vulnerabilities, likelihood, etc.

For example, a category called “computer” can have as individual assets servers, desktops, and laptops. In case you assess risk for the category computer, it means that all individual assets have the same risk, so you do not need to assess each individual asset.

Assessing an individual asset would be needed only if you have a risk specific (i.e., different threats, vulnerabilities, likelihood, etc.) for an individual asset in the category. For example, the risk of laptop theft could be different from the risk of server theft, so it may be interesting for the organization to perform risk assessments specifically for laptops.

Considering that, to perform the risk assessment in Conformio for specific assets, you only need to go a step further in the identification of the assets (i.e., you can add a new asset choosing one of the assets included in the “computer” category).

In case you want to assess two kinds of laptops separately, because they have different risks (e.g., financial laptop and development laptop), you would need to add two assets, and name them e.g., "financial laptop" and “development laptop”, and do the risk assessment. 

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Apr 29, 2021

Apr 29, 2021

Suggested Topics