Chapter 4. Identify Your Information Assets

In order to know what protections and controls you should implement, it is important that you first understand what it is you are trying to protect. The standard expects that all information assets within the scope of the implementation of ISO27001 have been properly identified and a value placed on them.

So our first step in identifying our information assets should be to define the scope of the ISMS and identify what it will cover.

Define the scope of the ISMS

The scope is one of the most important items in planning your implementation of ISO27001. How broadly you define the scope will impact the amount of work and time required to roll out your ISO27001-based ISMS.

The scope of the ISMS could simply be ...

Get ISO27001 in a Windows® Environment: The best practice handbook for a Microsoft® Windows® environment, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

ISO27001 in a Windows® Environment: The best practice handbook for a Microsoft® Windows® environment, Second Edition by Brian Honan

Chapter 4. Identify Your Information Assets

Define the scope of the ISMS

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly