LIVE VIRTUAL TRAININGS
Learn in small groups from top experts and real-life examples

Expert Advice Community

Guest

Risk Assessment : Which assets to take into account

  Quote
Guest
Guest user Created:   Nov 26, 2021 Last commented:   Nov 26, 2021

Risk Assessment : Which assets to take into account

In the scope of our ISMS, we only focus on our SaaS platform. So in the list of assets, I'll for example consider the customers' data stored on the platform as well as all software components of our platform. But what about assets like employees' laptops ? Are they to be considered as assets, or as potential vulnerabilities as threats may use laptops vulnerabilities to access our SaaS platform and extract sensitive info?
0 0

Assign topic to the user

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Nov 26, 2021

Typically, employees' laptops should be considered assets because they are used to maintain and operate your SaaS platform.

This article will provide you a further explanation about scope definition in cloud environments:
- Defining the ISMS scope if the servers are in the cloud https://advisera.com/27001academy/blog/2017/05/22/defining-the-isms-scope-if-the-servers-are-in-the-cloud/

Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

Nov 26, 2021

Nov 26, 2021

Suggested Topics