Upload
ankita-lachhwani
View
446
Download
5
Embed Size (px)
Citation preview
Anything that has value to the organization
Asset
ISO for Software application development India
Assets
Software & Hardware
Infrastructure
Information
People
Risk assessment
• Key element of identifying risks, together with threats and vulnerabilities.
Responsibility Assignment
• Defines asset owners• Assigns owners the responsibility to protect the
confidentiality, integrity and availability of the information
Why are assets important for information security management?
ISO for Software application development India
A set of business processes designed to manage the lifecycle and inventory of technology assets
It provides:Lowers IT costs, Reduces IT risk andImproves productivity
Asset Management
A8 Asset Management Clauses
ISO for Software application development India
• Responsibility for assets8.1• Information Classification8.2• Media Handling8.3
To identify organizational assets and define appropriate protection responsibility
8.1.1 Inventory of Assets8.1.2 Ownership of assets8.1.3 Acceptable use of assets8.1.4 Return of Assets
8.1 Responsibility for assets
ISO for Software application development India
Controls for Responsibility for assets
• Assets associated with information and information processing facilities shall be identified and an inventory of these assets shall be drawn up and maintained
Inventory of Assets
• Assets maintained in the inventory shall be ownedOwnership of assets
• Rules for acceptable use of information and of assets associated with information and information processing facilities shall be identified, documented and implemented
Acceptable use of assets
• All employees and external party users shall return all of the organizational assets in their possession upon termination of their employment, contract or agreement
Return of Assets
To ensure that information receives an appropriate level of protection in accordance with its importance to the organization
8.2.1 Classification of information8.2.2 Labelling of information8.2.3 Handling of assets
8.2 Information Classification
ISO for Software application development India
Controls for Information Classification
ISO for Software application development India
• Information shall be classified in terms of legal requirements, value, criticality and sensitivity to unauthorised disclosure or modification
Classification of information
• An appropriate set of procedures for information labelling shall be developed and implemented in accordance with information classification scheme adopted by the organization
Labelling of information
• Procedures for handling assets shall be developed and implemented in accordance with the information classification scheme adopted by the organization
Handling of assets
References
http://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
https://en.wikipedia.org/wiki/ISO/IEC_27001:2013
ISO for Software application development India
Visit- http://www.ifour-consultancy.comOr
http://www.ifourtechnolab.com
For more details
ISO for Software application development India
THANK YOU
ISO for Software application development India