Guest user Created: May 18, 2016 Last commented: May 18, 2016

Information assets

Who determines what constitutes an information asset? For ISO27001 compliance. I am battling within my organisation ... I define information assets as everything information we care about, including IT equipment and physical information.

0 0

Assign topic to the user

Select user

Guest

Antonio Jose Segovia May 18, 2016

Answer:
I am sorry but ISO 27001 does not establish who determines what constitute an information asset, although the best practice is that the identification of assets is performed by all people involved in the implementation of the standard.

Anyway, one of the most relevant people involved in the implementation (and maintenance) of the ISO 27001 is the CISO (he coordinates the whole project and one of his activities is the asset management). Another important question is the asset owner, which is the employee that operates the asset. This article can be interesting for you “What is the job of Chief Information Security Officer (CISO) in ISO 27001?” : https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/

This article can be also inter esting for you "ISO 27001 risk assessment: How to match assets, threats and vulnerabilities" : https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/

And our online course can be also interesting for you because we give more information about the assets “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

May 18, 2016

Expert Advice Community