Expert Advice Community

Implement ISO 27001 / Identifying assets

Guest user Created:   Jan 13, 2016 Last commented:   Jan 13, 2016

AntonioS Jan 13, 2016

The goal for me is to implement ISO 27001 in our data IP network with FIREWALL. The question is: what do I have to do?

 

Answer:

You can see the implementation as a project, so the first thing that you need is a project plan. You can find a free template for the project plan in our free download section, “Project plan for ISO 27001 / ISO 22301 implementation”: http://advisera.com/27001academy/free-downloads/
Furthermore, this article about the steps that are common in the implementation of ISO 27001 may also be interesting for you, “ISO 27001 implementation checklist”: http://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
Finally, this article about firewalls may be interesting for you, "How to use firewalls in ISO 27001 and ISO 27002 implementation": http://advisera.com/27001academy/blog/2015/05/25/how-to-use-firewalls-in-iso-27001-and-iso-27002-implementation/

We have received this question:



I am in the process of identifying assets for our organization. I ended up identifying several key IT services which enable various business processes. For example:
IT Service: EMAIL

Information Assets: Supports Communication and storage of Customer Information
Application: MS Exchange
OS: Windows Server 2008 r2
Hardware: HP DL380
Facility: DataCenter
In my risk assessment where do I reference the IT Service and Information Assets line, or are they just ignored? Should I reference them in any other documents? I thought this was a helpful way to group as it shows relationships.
 

Answer:

From my point of view, you should not ignore the IT service; you can identify it as an asset of type service and assign threats/vulnerabilities to it (in accordance with your methodology). You can reference this type of asset in the same document that you already have, I mean, in your asset inventory.
Finally, do you need information about threats and vulnerabilities that can affect your assets? This article may be interesting for you, “Catalogue of threats & vulnerabilities”: http://advisera.com/27001academy/knowledgebase/threats-vulnerabilities/
These articles may also be interesting for you:

"How to handle Asset register (Asset inventory) according to ISO 27001" : http://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
"ISO 27001 risk assessment: How to match assets, threats and vulnerabilities" : http://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/