Expert Advice Community

Guest

Inventory of assets and Risk assessment

  Quote
Guest
Guest user Created:   Oct 09, 2019 Last commented:   Oct 09, 2019

Inventory of assets and Risk assessment

1. I am having trouble finding out how these two documents are connected (are both needed?) 11.A.8.1_Inventory_of_Assets_Integrated 07.1_Appendix_1_Risk_Assessment_Table_Integrated In inventory of assets.

2. How do we know how to assess "Impact/Consequences"? What do we base that rating on?

3. And how do we transfer that rating to the Risk Assessment table

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Oct 09, 2019

1. I am having trouble finding out how these two documents are connected (are both needed?) 11.A.8.1_Inventory_of_Assets_Integrated 07.1_Appendix_1_Risk_Assessment_Table_Integrated In inventory of assets.

The Risk assessment table is a mandatory document if you want to be certified against ISO 27001, while the inventory of assets is needed only if control A.8.1.1 (Inventory of assets) is considered applicable to your ISMS.

The relation between these documents is that all assets identified in the Risk assessment table must be copied to the Inventory of assets provided the control A.8.1.1 is considered applicable.

2. How do we know how to assess "Impact/Consequences"? What do we base that rating on?

The way to perform the assessment of impact is defined in the Risk Assessment and Risk Treatment Methodology, located on folder 10 Risk Assessment and Risk Treatment of your toolkit.

The assessment of Impact/Consequences is based on the impact of the loss of confidentiality, integrity or availability of information.

By the way, included with your toolkit you have access to a video tutorial that can guide you on how to fill in the Risk Assessment table, presenting examples with real data.

This article also can be interesting for you “How to assess consequences and likelihood in ISO 27001 risk analysis”: https://advisera.com/27001academy/knowledgebase/how-to-assess-consequences-and-likelihood-in-iso-27001-risk-analysis/

3. And how do we transfer that rating to the Risk Assessment table

Once you identify the impact/consequence level, which range is defined in the Risk Assessment and Risk Treatment Methodology, you must input this value in column G of the Risk assessment table.

You also can see how this is performed in the video tutorial mentioned in answer 2.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Oct 09, 2019

Oct 09, 2019

Suggested Topics