We have received another question related to the PBX system:
When you say "Anyway, from my point of view you need to consider, as independent assets, the software, the hardware and the information related to the pbx system."
Could you please elaborate on what you mean by consider? Do you mean to look at the threats for all three of those components of the PBX?
I mean that the PBX system really is composed by, for example:
- Asterisk (Software)
- Server HP DL 380 (Hardware where the software is installed)
- Register of information related to the calls (Information that the software stores in his data base)
So as you see there are 3 different assets related to the PBX system, and you can identify threats/vulnerabilities related to each one.
This article can be interesting for you How to handle Asset register (Asset inventory) according to ISO 27001 : https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/