Risk assessment and asset management
Hello, I wanted to ask you which one should be done first? Risk assessment or asset management?
Assign topic to the user
According to ISO 27001, risk assessment should be done first - once you identify and evaluate all the risks, then you can start implementing security controls - in ISO 27001 Annex A section A.8 "Asset management", there are in total 10 controls that deal with asset management.
These articles will also help you:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
These materials will also help you regarding risk assessment and asset management:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your
Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course
https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Dec 28, 2019