
Risk Assessment for Asset Owners by Steve Watkins, Alan Calder


CHAPTER 6: ASSET IDENTIFICATION

The first step in meeting the ISO27001 requirements for risk assessments is to identify all the information assets (and ‘assets’ includes information systems – which should be so defined in your information security policy) within the scope (4.2.1 - a) of the ISMS and, at the same time, to document which individual and/or department ‘owns’ the asset.

The asset identification exercise can only take place once the scope has been finalised.

Asset classes

ISO17799 identifies, in A.7.1.1, the six classes of assets that have to be considered, each of which should be referenced in your information security policy statement. They are as follows:

Information assets includes information printed or written on paper, ...
