Guest user Created: Jan 05, 2017 Last commented: Jan 05, 2017

Filling asset inventory

As explained in the provided video (about Risk Assessment table), each Asset may have several threats. And each threat (of the same asset) may have several different vulnerabilities. And each vulnerability may have different Consequence (from low to high). It's well demonstrated in the video, for the "Laptop" asset). It has 2 different threats (flood, theft) and 3 different vulnerabilities (2 for flood and 1 for theft) with different levels of Consequence (1, 1, 2).

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Jan 05, 2017

But in the Inventory of Assets table we mention each Asset just once (as I understand). So, what level of Consequence to specify in such cases?

Answer: When an asset has different levels of consequence identified in the Risk Assessment table, you should consider for the entry in the Inventory of Assets the highest value identified as a consequence in the Risk Assessment table. Considering the "Laptop" asset example (with consequence values of 1, 1, and 2), you should en try the consequence value of 2 in the Inventory of assets. This way your Inventory of Assets will always present the highest consequence an asset have to your organization.

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 05, 2017

Expert Advice Community