Taking the ISO 27001 certification exam?
Get a bundle with FREE Live Virtual Training
(regular price US$ 199)
LIMITED-TIME OFFER – EXPIRES ON MAY 17, 2022

Expert Advice Community

Risk Assessment of Assets

  Quote
Lee Created:   Oct 19, 2021 Last commented:   Oct 21, 2021

Risk Assessment of Assets

Hello As part of compliance with the NIS Regulations we are identifying assets, grouping them and them Risk Assessing them as a group. Our aspiration is to implement ISO27001 in the future so I am thinking this is an opportunity to get our Risk Assessments aligned to the standard.  I am guessing for ISO27001 we would have to risk assess the invididual assets rather than as groups? So, rather than risk assess Core Network VMWare Business Systems Desktop Applications Would we need to risk assess as follows? Core Network VMWare Business System 1 Business System 2 Business System 3 Business System 4 Business System 5 Desktop Application 1 Desktop Application 2 Desktop Application 3 Desktop Application 4 Desktop Application 5 Thanks Lee

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Oct 20, 2021

ISO 27001 does not specify a method to perform risk assessment, so you can adopt the method that best fulfills your needs.

When using a methodology that uses assets, threats, and vulnerabilities, you can assess assets as a group if they share common threats and vulnerabilities, assessing individual assets only if they have specific threats and vulnerabilities.

For example, if desktop applications 1 to 4 are used by the HR team and share similar threats and vulnerabilities, they can be assessed as a single asset, let’s say, called HR desktop applications.

 These articles will provide you a further explanation about risk assessment:

Quote
0 0
Lee Oct 21, 2021

Thanks for the quick reply, much appreciated 😀

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Oct 19, 2021

Oct 21, 2021