Guest user Created: Jan 13, 2022 Last commented: Jan 13, 2022

Security asset inventory

Although there is information about creating an asset inventory, and what needs to be in it, it doesn't feature in any on the implementation steps. I normally create one before doing a risk assessment and use the content for the risk assessment so there is cross mapping, I'd be interested to hear your thoughts.

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Jan 13, 2022

For a smaller company it is much quicker if the assets are listed during the risk assessment process - first the assets are listed, then relate threats and vulnerabilities to those assets. Essentially, the same effect is achieved as you suggested.

For further information, see:
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 13, 2022

Expert Advice Community