CHAPTER 8: INFORMATION ASSETS
This chapter will be of greater relevance to organisations pursuing an asset-based risk assessment methodology. While risks do not need to be assessed wholly on the basis of the assets that they threaten, it remains a popular and effective method of risk assessment. Furthermore, for organisations undertaking a scenario-based risk assessment, BS 7799-3 provides the following clarification of the role of asset management:
Using the scenario-based method does not mean that Annex A control A.8.1.1 is unnecessary. It just means that the asset inventory might not be an input into the risk assessment, whereas Annex A control A.8.1.1 might still be an output of the risk treatment process (i.e. determined by the organization ...
Get Information Security Risk Management for ISO 27001/ISO 27002, third edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
