https://www.isms.online/iso-27001/how-to-develop-an-asset-inventory-for-iso-27001/
Relevant ISO 27001 clauses/controls:
See also:
3D Asset Inventory
The criticality of an asset can be defined as the impact of compromise on the 3 aspects of Confidentiality, Integrity and Availability.
E.g.:
| Asset | Confidentiality | Integrity | Availability |
|---|---|---|---|
| Public website | 0 | 2 | 3 |
| Password file | 3 | 2 | 3 |
| Debtors info | 3 | 3 | 1 |
We can also assess the probability of compromise on the same 3 aspects:
| Asset | Confidentiality | Integrity | Availability |
|---|---|---|---|
| Public website | 0 | 2 | 1 |
| Password file | 1 | 1 | 2 |
| Debtors info | 1 | 2 | 1 |
Now we can calculate the Risk Score as Impact times Probability for each of the 3 aspects:
| Asset | Confidentiality | Integrity | Availability |
|---|---|---|---|
| Public website | 0 | 4 | 3 |
| Password file | 3 | 2 | 6 |
| Debtors info | 3 | 6 | 3 |
This would lead to the following priority list for risk mitigation:
- Integrity of Debtors info
- Availability of Password file
- Integrity of Public website
- etc.
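
The calculation above as an added Python example (not part of the original page): it multiplies the impact and probability scores from the tables per aspect and ranks the non-zero results. The 0 to 3 scale bound, the alphabetical tie-break and the function names are assumptions; the page does not define them.

```python
# Added example: input scores copied from the page's impact and probability tables.
ASPECTS = ("Confidentiality", "Integrity", "Availability")

IMPACT = {
    "Public website": (0, 2, 3),
    "Password file": (3, 2, 3),
    "Debtors info": (3, 3, 1),
}
PROBABILITY = {
    "Public website": (0, 2, 1),
    "Password file": (1, 1, 2),
    "Debtors info": (1, 2, 1),
}


def risk_matrix(impact, probability, scale_max=3):
    """Return {asset: (C, I, A)} with risk = impact * probability per aspect."""
    if impact.keys() != probability.keys():
        missing = impact.keys() ^ probability.keys()
        raise ValueError(f"assets not scored in both tables: {sorted(missing)}")
    matrix = {}
    for asset, imp in impact.items():
        prob = probability[asset]
        # Assumed scale: the page only shows scores between 0 and 3.
        for value in (*imp, *prob):
            if not 0 <= value <= scale_max:
                raise ValueError(f"{asset}: score {value} outside 0..{scale_max}")
        matrix[asset] = tuple(i * p for i, p in zip(imp, prob))
    return matrix


def priority_list(impact, probability):
    """Rank (asset, aspect) pairs by risk, highest first, dropping zero risk."""
    matrix = risk_matrix(impact, probability)
    rows = [
        (score, asset, aspect)
        for asset, scores in matrix.items()
        for aspect, score in zip(ASPECTS, scores)
        if score > 0
    ]
    # Assumed tie-break: asset name, then aspect name (the page defines none).
    rows.sort(key=lambda r: (-r[0], r[1], r[2]))
    return rows


if __name__ == "__main__":
    for score, asset, aspect in priority_list(IMPACT, PROBABILITY):
        print(f"{score:>2}  {aspect} of {asset}")
```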