Risk Assessment Table
Hello, In 10.1 Appendix 1 the risk assessment table, do we need to enter each individual laptop/desktop computer with the various risks and vulnerabilities? Or is it acceptable to have an entry for laptops that goes through all the various risks and vulnerabilities that all laptops our company owns faces?
Assign topic to the user
You can create a single asset named "laptop" associated with all the common threats and vulnerabilities they face. In case you have risks specific to certain laptops, you can create additional assets, like "sales laptop" or "development laptop", and associate to them the specific threats and vulnerabilities.
This article will provide you a further explanation about managing assets:
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
By the way, included in the toolkit you bought, you have access to a video tutorial that can help you fill in the risk assessment table.
Comment as guest or Sign in
Feb 19, 2021