How many times to list an asset on the risk assessment table
From my point of view, if you have 100 desktop computers, all in the same place (office or facility), and all have the same threats/vulnerabilities, you do not need to identify 100 assets; you can identify a unique asset “Desktop computers” in the risk assessment table. The same goes for the laptops, although here maybe you should differentiate between laptops that are always in the office and those that are frequently out of the office.
Anyway, remember that laptops and desktop computers are the same type of asset: Hardware. So, generally they have the same set of threats/vulnerabilities; the difference will be the impact and likelihood of each threat/vulnerability for each asset.
This article about the asset inventory can be interesting for you “How to handle Asset register (Asset inventory) according to ISO 27001” : https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
This article about how to match assets, threats and vulnerabilities can also be interesting for you “ISO 27001 risk assessment: How to match assets, threats and vulnerabilities” : https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
And our online course can be also interesting for you because we give more details about the asset inventory “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/
Apr 14, 2016