CHAPTER 6: ASSET IDENTIFICATION

The first step in meeting the ISO27001 requirements for risk assessments is to identify all the information assets within the scope (4.2.1 - a) of the ISMS and, at the same time, to document which individual and/or department ‘owns’ each asset. ‘Assets’ here includes information systems, which should be so defined in your information security policy.

The asset identification exercise can only take place once the scope has been finalised.

Asset classes

ISO17799 identifies, in A.7.1.1, the six classes of assets that have to be considered, each of which should be referenced in your information security policy statement. They are as follows:

Information assets includes information printed or written on paper, ...
