I want to ask you about labelling of information in ISO 27002. In ISO 27002:2013, in 8.2.2: establish information labeling procedures. Information marking procedures should apply to information and associated assets presented in a physical or electronic format. If we say that the server (physical format) is information,
so how can we label a server?
Answer:
I am sorry, but a server is not information; it is an asset of type hardware that can have information (the information is another type of asset). But a server can contain another type of asset: software. How can we classify the information in electronic format that a server contains? If it is a document, you can simply include the type of classification on the first page, or if the information is in a database (software) or other software, maybe you can include a message at the start of the operating system, through a script, showing that the information on the server is confidential, or internal, etc.
By the way, information in physical format can be a physical paper, and you can also include the type of classification on its first page.
This article about the classification of information can be interesting for you: Information classification according to ISO 27001: https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
And also this article about the asset inventory: How to handle Asset register (Asset inventory) according to ISO 27001: https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
Jan 13, 2016