iFour Consultancy

ISO 27001 – A8 Asset Management

Anything that has value to the organization

Asset

ISO for Software application development India

Assets

Software & Hardware

Infrastructure

Information

People

Risk assessment

• Key element of identifying risks, together with threats and vulnerabilities.

Responsibility Assignment

• Defines asset owners• Assigns owners the responsibility to protect the

confidentiality, integrity and availability of the information

Why are assets important for information security management?

ISO for Software application development India

A set of business processes designed to manage the lifecycle and inventory of technology assets

It provides:Lowers IT costs, Reduces IT risk andImproves productivity

Asset Management

A8 Asset Management Clauses

ISO for Software application development India

• Responsibility for assets8.1• Information Classification8.2• Media Handling8.3

To identify organizational assets and define appropriate protection responsibility

8.1.1 Inventory of Assets8.1.2 Ownership of assets8.1.3 Acceptable use of assets8.1.4 Return of Assets

8.1 Responsibility for assets

ISO for Software application development India

Controls for Responsibility for assets

• Assets associated with information and information processing facilities shall be identified and an inventory of these assets shall be drawn up and maintained

Inventory of Assets

• Assets maintained in the inventory shall be ownedOwnership of assets

• Rules for acceptable use of information and of assets associated with information and information processing facilities shall be identified, documented and implemented

Acceptable use of assets

• All employees and external party users shall return all of the organizational assets in their possession upon termination of their employment, contract or agreement

Return of Assets

To ensure that information receives an appropriate level of protection in accordance with its importance to the organization

8.2.1 Classification of information8.2.2 Labelling of information8.2.3 Handling of assets

8.2 Information Classification

ISO for Software application development India

Controls for Information Classification

ISO for Software application development India

• Information shall be classified in terms of legal requirements, value, criticality and sensitivity to unauthorised disclosure or modification

Classification of information

• An appropriate set of procedures for information labelling shall be developed and implemented in accordance with information classification scheme adopted by the organization

Labelling of information

• Procedures for handling assets shall be developed and implemented in accordance with the information classification scheme adopted by the organization

Handling of assets

References

http://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/

https://en.wikipedia.org/wiki/ISO/IEC_27001:2013

ISO for Software application development India

Visit- http://www.ifour-consultancy.comOr

http://www.ifourtechnolab.com

For more details

ISO for Software application development India

THANK YOU

ISO for Software application development India