In order to know what protections and controls you should implement, it is important that you first understand what it is you are trying to protect. The standard expects that all information assets within the scope of the implementation of ISO27001 have been properly identified and a value placed on them.
So our first step in identifying our information assets should be to define the scope of the ISMS and identify what it will cover.
The scope is one of the most important items in planning your implementation of ISO27001. How broadly you define the scope will impact the amount of work and time required to roll out your ISO27001-based ISMS.
The scope of the ISMS could simply be ...