Responsibility for classifying the assets
Assign topic to the user
- PUBLIC
- PRIVATE
- SENSIBLE
- CONFIDENTIAL
the question is, who is the responsible to give this classification to the assets??
Answer: ISO 27001 standard does not prescribe the responsibility for asset classification, but the best practice is that asset owners classify their assets. This is because they are in the best position to assess how confidential or how sensitive each of their assets are.
The asset inventory itself can be compiled by Information security manager, or some other person who coordinates information security in your company.
Comment as guest or Sign in
Jan 12, 2016