Save 20% on accredited ISO 27001 course exams.
Limited-time offer – ends July 18, 2024
Use promo code:
EXAM20

Expert Advice Community

Guest

Protecting assets with multiple security levels

  Quote
Guest
Guest user Created:   Nov 24, 2016 Last commented:   Nov 24, 2016

Protecting assets with multiple security levels

If we have 2 completely similar assets (for example 2 similar data bases which are used for different customers) but the consequences of the problems are not the same (for example because of different importance of customers) should we consider them as different assets and dedicate 2 different lines in risk assessment table? My suggestion was grouping them as highly/medium/low sensitive (databases/contracts…) and then put these groups as assets in 3 rows and keeping the detailed assets information in inventory of assets table. Do you think that it is a correct approach?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Nov 24, 2016

Answer: Your approach on the risk assessment is valid, since you will have to state the different impact levels, that will lead to different risk values, but in your asset inventory there is no need to have multiple rows if you can group the assets and the information about them. In your example you have in the asset inventory the asset "database", and in your risk assessment you will have risks like "customer A's database loss" and "customer B's database loss", with differe nt risk values.

This article will provide you further explanation about documentation development: How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/

This article will provide you further explanation about risk assessment: ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/

These materials will also help you regarding assets management:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your
Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course
https://advisera.com/training/iso-27001-foundations-course/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Nov 24, 2016

Nov 24, 2016

Suggested Topics