Expert Advice Community

Statement of applicability A.9.1.2 (Access to networks and network services)

Guest user Created:   Apr 27, 2022 Last commented:   Apr 27, 2022

I'm working on the SOA document. I've previously defined our assets and have prepared the risk assessment. In the SOA document I see the A.9.1.2 (access to networks and network services). So far, I've defined assets like "commercial documents", "databases" and so on. Accessing all these assets must of course be protected. So avoiding using public wifi networks will be specified in the Access Control Policy document. My question is the following. As using public wifi can be considered a valid threat for all IT assets we can access remotely, in the risk assessment list of items, can I just add a global asset called "internal IT resources" that will have the threat "using public wifi" and vulnerability being "public wifi networks are not secured by nature"? So this global asset would comprise other more specific assets. Or do I have to specify this risk for all specific assets I've defined?

Expert
Rhand Leal Apr 27, 2022

When a risk is similar to several assets, you can create a single asset to represent them all and associate the risk to it, as you suggested.

For example, you do not need to record an organization's notebooks as individual assets (you can add an asset called "notebook"), but if they have specific purposes with different risk levels you can use specific assets like "notebook", "development notebook", and "finance notebook". The same concept applies to IT assets.  

For further information, see:
