Information assets classification
Answer: Good practice suggests that information assets classification should be done through a four-step process:
- information assets should be entered in an Inventory of Assets, so you know which assets to protect
- information assets should be classified, considering their value to the organization and the impact if compromised
- information assets should be labeled, so people can identify their classification
- information assets should be handled in a secure way, considering their classification level
This article will provide you with further explanation about information classification:
- Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
2. How can I identify info assets?
Answer: To properly identify info assets you have to consider your ISMS scope and the objectives of your ISMS, because from them you can identify which assets you have to protect. For example, if one objective of the ISMS is to ensure the protection of the customer support service running at your organization's headquarters, you will know you have to consider the hardware, software and databases located on the headquarters' premises.
This article will provide you with further explanation about asset inventory:
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
Feb 20, 2019