Inventory of assets
Assign topic to the user
Answer: I saw that you covered assets most related to hardware and information media. Considering the ISO 27005 standard (information security risk management), annex B (identification and valuation of assets and impact evaluation), I think you should also consider the following for assets that will need some sort of control that will be relevant for every employee:
- Specific types of information (e.g., those with high cost to produce or replace, those related to business strategy and performance, people's privacy, etc.)
- People in specific positions (e.g., decision makers, key department managers, developers, products/processes specialists, etc.)
In the Inventory of Assets template that comes with your toolkit you have a list of assets you can consider (sheet "Checklist of assets").
If you still have any doubts, included in your toolkit you can schedule a meeting with one of our experts so he can provide you additional support. To schedule a meeting you can access this link: https://advisera.com/27001academy/consultation/
Comment as guest or Sign in
Oct 04, 2017