How do you integrate employees as assets in the process: by position, by name, by level? Are the typical associated risks things like resigning, death, intentional damage to other assets, etc.?
Answer:
From my point of view, the best approach is to identify people as assets by their role (or position): system administrator, head of IT department, etc. Regarding the typical associated risks, you can consider the unavailability of each person (due to any reason), frequent errors (due to lack of training), etc. This article can be interesting for you: How to handle Asset register (Asset inventory) according to ISO 27001: https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/ and also this one: ISO 27001 risk assessment: How to match assets, threats and vulnerabilities: https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
Remember that for the identification of the risks associated with each asset, you need to identify the threats and vulnerabilities related to them, so this article can also be interesting for you because it is a catalogue of common threats and vulnerabilities: Catalogue of threats & vulnerabilities: https://advisera.com/27001academy/knowledgebase/threats-vulnerabilities/
Finally, our online course about ISO 27001 can also be interesting for you: ISO 27001:2013 Foundations Course: https://advisera.com/training/iso-27001-foundations-course/
Jan 13, 2016