An Introduction to Information Security and ISO27001: A Pocket Guide by Steve G Watkins

Chapter 4. Information Assets and the Information Security Risk Assessment

An asset-based information security risk assessment is the key to any ISO27001 ISMS, forming the lion’s share of the Plan phase of the initial P-D-C-A cycle for implementation.

To undertake the risk assessment, it is necessary to have defined the scope of the ISMS and, of course, to have understood the concept of information security assets: it is the assets that are the subject of the risk assessment.

For the risk assessment to be effective a comprehensive information-asset register needs to be produced. That is to say, a list of everything that has value to the organisation, including information, information processing and storage equipment (every server, computer, laptop, ...
