Guest
Inventory of assets table
In the Inventory of assets table there is a column with heading “Impact”. The instruction at the top of the table states that one should copy the score from the Risk Assessment table. However, each item from the Inventory of Assets table may have several risks attached to it in the Risk Assessment table. Moreover if one uses the suggested scores by Advisera (0, 1, 2) for both Consequence and Likelyhood, most assets can have several scores between 0 and 4. What am I to do with the Impact column and what is the significance of this column? In other words what does it add to the entire system? If I should copy all scores then I need to copy all risk descriptions as well. This seems like a lot of unnecessary work. Can you please advise?
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Expert
Rhand Leal
Nov 10, 2018
Answer:
In case multiple risks are associated with an asset, then you must use the highest impact level associated to these risks. The purpose of the impact column is to give the organization a compr ehensive view of the most relevant assets of the organization regarding information security. This can help you prioritize and allocate resources to protect information.
Comment as guest or Sign in
Nov 10, 2018
Nov 10, 2018
Nov 10, 2018