Chapter 4. Identify Your Information Assets

In order to know what protections and controls you should implement, it is important that you first understand what it is you are trying to protect. The standard expects that all information assets within the scope of the implementation of ISO27001 have been properly identified and a value placed on them.

So our first step in identifying our information assets should be to define the scope of the ISMS and identify what it will cover.

Define the scope of the ISMS

The scope is one of the most important items in planning your implementation of ISO27001. How broadly you define the scope will impact the amount of work and time required to roll out your ISO27001-based ISMS.

The scope of the ISMS could simply be ...

Get ISO27001 in a Windows® Environment: The best practice handbook for a Microsoft® Windows® environment, Second Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.