Expert Advice Community

Guest

PBX system, it can be an asset?

  Quote
Guest
Guest user Created:   Jan 13, 2016 Last commented:   Jan 13, 2016

PBX system, it can be an asset?

0 0

Assign topic to the user

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Guest
AntonioS Jan 13, 2016

Would an onsite pbx system be an asset to assess in a risk assessment?
 

Answer:

Yes, you can consider the pbx system as an asset in the risk assessment, because there are risks related to it, but for this, obviously this system need to be included in the scope of the ISMS. Anyway, from my point of view you need to consider, as independent assets, the software, the hardware and the information related to the pbx system.
Do you know the threats/vulnerabilities that can affect to the pbx system? Please see this article “Catalogue of threats & vulnerabilities” : https://advisera.com/27001academy/knowledgebase/threats-vulnerabilities/
Finally, maybe this article can be interesting for you “ISO 27001 risk assessment: How to match assets, threats and vulnerabilities” : https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/

Quote
0 0
Guest
AntonioS Jan 13, 2016

We have received another question related to the PBX system:

>

When you say "Anyway, from my point of view you need to consider, as independent assets, the software, the hardware and the information related to the pbx system."

Could you please elaborate on what you mean by consider? Do you mean to look at the threats for all three of those components of the PBX?
 

Answer:

I mean that the PBX system really is composed by, for example:
- Asterisk (Software)
- Server HP DL 380 (Hardware where the software is installed)
- Register of information related to the calls (Information that the software stores in his data base)
So as you see there are 3 different assets related to the PBX system, and you can identify threats/vulnerabilities related to each one. 
This article can be interesting for you “How to handle Asset register (Asset inventory) according to ISO 27001” : https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2016

Jan 12, 2016