LIVE VIRTUAL TRAININGS
Learn in small groups from top experts and real-life examples

Expert Advice Community

Guest

Security asset inventory

  Quote
Guest
Guest user Created:   Jan 13, 2022 Last commented:   Jan 13, 2022

Security asset inventory

Although there is information about creating an asset inventory, and what needs to be in it, it doesn't feature in any on the implementation steps. I normally create one before doing a risk assessment and use the content for the risk assessment so there is cross mapping, I'd be interested to hear your thoughts.
0 0

Assign topic to the user

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jan 13, 2022

For a smaller company it is much quicker if the assets are listed during the risk assessment process - first the assets are listed, then relate threats and vulnerabilities to those assets. Essentially, the same effect is achieved as you suggested.

For further information, see:
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 13, 2022

Jan 13, 2022