Implement ISO 27001Identifying assets

the goal for me is to implement the iso 27001 in our data IP network with FIREWALL the question is: what do I h a v e  to do?

Answer:

You can see the implementation as a project, so the first thing that you need is a project plan. You can find a free template for the project plan in our free download section “Project plan for ISO 27001 / ISO 22301 implementation” : https://advisera.com/27001academy/free-downloads/
Furthermore this article about the steps that are common in the implementation of ISO 27001 can be also interesting for you “ISO 27001 implementation checklist” : https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
Finally, this article about firewalls can be interesting for you "How to use firewalls in ISO 27001 and ISO 27002 implementation" : https://advisera.com/27001academy/blog/2015/05/25/how-to-use-firewalls-in-iso-27001-and-iso-27002-implementation/ We have received this question:

I am in the process of identifying assets for our organization. I ended up identifying several key IT s ervices which enable various business processes. For example:
IT Service: EMAIL

Information Assets: Supports Communication and storage of Customer Information
Application: MS Exchange
OS: Windows Server 2008 r2
Hardware: HP DL380
Facility: DataCenter
In my risk assessment where do I reference the IT Service and Information Assets line, or are they just ignored? Should I reference them in any other documents? I thought this was a helpful way to group as it shows relationships.
 

Answer:

From my point of view, you should not ignore the IT service, you can identify it as an asset of type service, and assign to it threats/vulnerabilities (in accordance with your methodology).  You can reference this type of asset in the same document that you already have, I mean, in your asset inventory.
Finally, do you need information about threats and vulnerabilities that can affect to your assets? This article can be interesting for you “Catalogue of threats & vulnerabilities” : https://advisera.com/27001academy/knowledgebase/threats-vulnerabilities/
Can be interesting for you these articles:

"How to handle Asset register (Asset inventory) according to ISO 27001" : https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
"ISO 27001 risk assessment: How to match assets, threats and vulnerabilities" : https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/