Expert Advice Community

Question regarding Asset Based Risk assessment

Guest user. Created: Sep 11, 2020. Last commented: Sep 11, 2020.

Dear Dejan, trust you are well. I am doing my first Asset Based Risk Assessment and I am using your book Secure and Simple. What to do with assets such as company mobile phones which do not have access to the company network and are not used to send any information in emails etc.? Do I list them in the Risk Assessment?

Expert
Rhand Leal Sep 11, 2020

Answer: If an asset does not have access to the information you want your ISMS to protect, then it does not need to be included in the risk assessment.

Please note that besides the situations you mentioned, there are other situations that may need to be considered in the risk assessment, such as:
- Mobile phones with onboard cameras may take pictures of documents and screens.
- Mobile phone memory card slots can be used to transport memory cards that had access to the organization's data.
- If the phone is stolen, then by accessing an email account a bad actor can reset passwords for company systems and access them.

These articles will provide you with a further explanation about assets and risk assessment:
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
- ISO 27001 risk assessment: How to match assets, threats, and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/

These materials will also help you regarding risk assessment:
- The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
