Risk assessment
A question about Risk Assessment: we're a small company (5 full-time, 2 part-time staff). It would be simpler for us to say that the Information Security Officer is the asset owner for all assets. Is there a problem in doing that?
ISO 27001 does not prescribe who must be the asset owner, so you can define that the Information Security Officer is the asset owner for all assets.
These articles will provide you with further explanation about asset management:
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
- Risk owners vs. asset owners in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/
Nov 14, 2019