Risk assessment methodology and assets inventory
Answer: The most common methodology you will find is the identification of assets, threats and vulnerabilities, mostly because it was defined by the old 2005 revision of ISO 27001, and although it is not mandatory any more we consider it very useful in many scenarios.
This article will provide you with further explanation about risk assessment methodology:
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
- How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
2- Another question I have about these 16 points is why is there not the inventory of information assets?
Answer: Listing all the assets is a mandatory task in the risk assessment methodology referred to in the article you mentioned, so the inventory of assets is included in the risk assessment step.
This article will provide you with further explanation about assets inventory:
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
These materials will also help you regarding risk assessment methodology and assets inventory:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Feb 27, 2017