Save 20% on accredited ISO 27001 course exams.
Limited-time offer – ends July 18, 2024
Use promo code:
EXAM20

Expert Advice Community

Guest

Filling asset inventory

  Quote
Guest
Guest user Created:   Jan 05, 2017 Last commented:   Jan 05, 2017

Filling asset inventory

As explained in the provided video (about Risk Assessment table), each Asset may have several threats. And each threat (of the same asset) may have several different vulnerabilities. And each vulnerability may have different Consequence (from low to high). It's well demonstrated in the video, for the "Laptop" asset). It has 2 different threats (flood, theft) and 3 different vulnerabilities (2 for flood and 1 for theft) with different levels of Consequence (1, 1, 2).
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jan 05, 2017

But in the Inventory of Assets table we mention each Asset just once (as I understand). So, what level of Consequence to specify in such cases?

Answer: When an asset has different levels of consequence identified in the Risk Assessment table, you should consider for the entry in the Inventory of Assets the highest value identified as a consequence in the Risk Assessment table. Considering the "Laptop" asset example (with consequence values of 1, 1, and 2), you should en try the consequence value of 2 in the Inventory of assets. This way your Inventory of Assets will always present the highest consequence an asset have to your organization.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 05, 2017

Jan 05, 2017

Suggested Topics