Question about CIA and asset inventory
Assign topic to the user
You have to assess the impact of risks to confidentiality, integrity and availability of your information - this is part of the risk assessment process. As part of this process you can identify also the assets, but this is not mandatory.
You can find more detailed explanation in this webinar: The basics of risk assessment and treatment according to ISO 27001 https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
This article will also help you: What has changed in risk assessment in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/what-has-changed-in-risk-assessment-in-iso-270012013/
Comment as guest or Sign in
Jan 12, 2016