Assets, classification and access control

The requirement to maintain a current asset register dovetails with the risk assessment process described in Chapter 4. The register needs to go beyond the classic fixed-asset register and include information assets.

One control suggests that assets be classified according to a defined labelling scheme; the classification indicates the level of protection required and who has approved access rights to them. Access control, in turn, is about ensuring that only those with approved access to the assets can actually access them, and it relies on both logical and physical barriers.

Passwords and user IT accounts are typical logical access controls, and are of course only as robust as the practices ...

Get An Introduction to Information Security and ISO27001: A Pocket Guide now with the O’Reilly learning platform.
