Saturday, March 13, 2010
more on ISMS
Dear professionals
The way 'information asset' is usually defined is anything that is
holding or carrying the 'business information' and we have to do the
risk assessment for all the identified information assets in an
organization. Then there are 'controls' like 'standby generators’ or
'air-conditioning systems' for which risk assessment is not required
Now, incase of air-conditioning systems installed with sensors that
generates information OR other similar controls and most importantly
when they are connected and operated through servers, shall we
consider that information, generated / used by the controls for their
functionality as business information and based on that shall we
consider them as information assets and consequently do the risk
assessment??.
Would really appreciate the experience and advise sharing
Arshad
The way 'information asset' is usually defined is anything that is
holding or carrying the 'business information' and we have to do the
risk assessment for all the identified information assets in an
organization. Then there are 'controls' like 'standby generators’ or
'air-conditioning systems' for which risk assessment is not required
Now, incase of air-conditioning systems installed with sensors that
generates information OR other similar controls and most importantly
when they are connected and operated through servers, shall we
consider that information, generated / used by the controls for their
functionality as business information and based on that shall we
consider them as information assets and consequently do the risk
assessment??.
Would really appreciate the experience and advise sharing
Arshad
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment