Inventory of assets
I now have a better understanding of the 'Assets' that should be recorded in the risk register. You answered a question for me yesterday about listing every server, and you suggested grouping them together.
So, if I have an asset of a 'Database Server' on the risk register, what would I put in the 'Information Asset Inventory'? I was thinking of then breaking it down to the different applications that use the database server, does that sound correct?
Answer: In the 'Information Asset Inventory' you must include all assets you identified in your risk register. Since the standard doesn't define the level of detail to which assets need to be described in the inventory of assets, you can list servers in general, or list not only the 'Database Server' but also all the different applications that use the database server that you have identified in your risk register.
This article will provide you with further explanation about inventory of assets:
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
This material will also help you regarding inventory of assets:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
May 12, 2018