Cleaning up the Sparks folder

Corpus/Sparks/ISMS/How to develop an Asset Inventory.md

@@ -0,0 +1,46 @@
+# How to develop an asset inventory
+
+https://www.isms.online/iso-27001/how-to-develop-an-asset-inventory-for-iso-27001/
+
+Relevant ISO 27001 clauses/controls:
+- [ISO 27001 A 8.1.1 Inventory of assets](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.1.1%20Inventory%20of%20assets.md)
+- [ISO 27001 C 6.1.2 Information security risk assessment](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20C%206.1.2%20Information%20security%20risk%20assessment.md)
+
+See also:
+- [Assets, Vulnerabilities, Threats, Risks](../../Literature%20notes/Assets,%20Vulnerabilities,%20Threats,%20Risks.md)
+
+
+# 3D Asset Inventory
+
+The criticality of an asset can be defined as the **impact of compromise** on the 3 aspects of Confidentiality, Integrity and Availability.
+
+E.g.:
+
+Asset | Confidentiality | Integrity | Availability
+----- | --- | --- | ---
+Public website | 0 | 2 | 3
+Password file | 3 | 2 | 3
+Debtors info | 3 | 3 | 1
+
+We can also assess the **probability of compromise**  on the same 3 aspects:
+
+Asset | Confidentiality | Integrity | Availability
+----- | --- | --- | ---
+Public website | 0 | 2 | 1
+Password file | 1 | 1 | 2
+Debtors info | 1 | 2 | 1
+
+Now we can calculate the Risk Score as Impact times Probability for each of the 3 aspects:
+
+Asset | Confidentiality | Integrity | Availability
+----- | --- | --- | ---
+Public website | 0 | 4 | 3
+Password file | 3 | 2 | 6
+Debtors info | 3 | 6 | 3
+
+
+This would lead to the following priority list for risk mitigation:
+1. Integrity of Debtors info
+2. Availability of Password file
+3. Integrity of Public website
+4. etc.