Information Security Risk Management for ISO27001/ISO27002 by Steve Watkins, Alan Calder

CHAPTER 8: INFORMATION ASSETS

The information security policy and the scoping statement, discussed in Chapter 6, describe the boundaries of the ISMS. You have to consider, at a reasonably high level, the information assets that underpin the organisation’s business processes in order to establish the scope of the ISMS. You now return to the subject, but this time the objective is to identify all those assets in detail.

Assets within the scope

The first step in meeting the ISO27001 requirements for risk assessments is to identify all the information assets (and ‘assets’ includes information systems – which should be so defined in your information security policy) within the scope (4.2.1 – a) of the ISMS and, at the same time, to document which ...
