We have purchased your ISO27001. We are at the point of creating Risk Assessment Table. We have also watched the video of this area. The 2 questions we are divided on is:
1 . A user of a laptop or computer - does the assets need to be listed separately with the individual user?
2. If yes then every user would need to be presented as a group or individually to offer feedback of risks that they feel in individual to them for that asset? Correct? Would be interested in any feedback. Thanks