Expert Advice Community

Roles and Responsibilities / Assets and risk assessment

Guest post Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

The toolkit refers to several different positions; however, every organization distributes its responsibilities the same way. Is there a comprehensive list of the required/needed areas of responsibilities so I can align that to the titles in my organization?

Hi, if I have, let's say, a database server, will I consider it as one asset? Or do I have to add the server as an asset and the database (Oracle or SQL) as another asset? And do I have to do it twice if I have one development database server and one production server? Thank you.

DejanK Jan 12, 2016

I think your risk assessment will have more depth if you separate physical server as an asset from software and databases that run on it - you will be able to focus better on key issues; however, this is not something that is required by ISO 27001 - if you don't want to go too much into detail you can consider a server as one asset that consists both of hardware and software/data.

The dilemma whether to separate production and development servers depends on how different they are - if there are significantly different threats and vulnerabilities for these two servers, it would be better to assess them separately; if they are quite similar you can save time and assess them as a single item.

Guest post Jan 12, 2016

Thank you, it's very clear. Is the computer room considered an asset or a control?

DejanK Jan 12, 2016

You could consider a computer room as an asset, but this is not the control - the controls are air conditioning, secure door with access control, fire extinguishing and other equipment installed in this room.
