Inventory of assets and Risk assessment
1. I am having trouble finding out how these two documents are connected (are both needed?) 11.A.8.1_Inventory_of_Assets_Integrated 07.1_Appendix_1_Risk_Assessment_Table_Integrated In inventory of assets.
2. How do we know how to assess "Impact/Consequences"? What do we base that rating on?
3. And how do we transfer that rating to the Risk Assessment table?
1. I am having trouble finding out how these two documents are connected (are both needed?) 11.A.8.1_Inventory_of_Assets_Integrated 07.1_Appendix_1_Risk_Assessment_Table_Integrated In inventory of assets.
The Risk assessment table is a mandatory document if you want to be certified against ISO 27001, while the inventory of assets is needed only if control A.8.1.1 (Inventory of assets) is considered applicable to your ISMS.
The relation between these documents is that all assets identified in the Risk assessment table must be copied to the Inventory of assets provided the control A.8.1.1 is considered applicable.
2. How do we know how to assess "Impact/Consequences"? What do we base that rating on?
The way to perform the assessment of impact is defined in the Risk Assessment and Risk Treatment Methodology, located in folder 10 Risk Assessment and Risk Treatment of your toolkit.
The assessment of Impact/Consequences is based on the impact of the loss of confidentiality, integrity or availability of information.
By the way, included with your toolkit you have access to a video tutorial that can guide you on how to fill in the Risk Assessment table, presenting examples with real data.
This article may also be interesting for you: “How to assess consequences and likelihood in ISO 27001 risk analysis”: https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment
3. And how do we transfer that rating to the Risk Assessment table?
Once you identify the impact/consequence level, whose range is defined in the Risk Assessment and Risk Treatment Methodology, you must input this value in column G of the Risk assessment table.
You can also see how this is performed in the video tutorial mentioned in answer 2.
Oct 09, 2019