Saturday, March 13, 2010
understanding ISMS
Dear professionals
The way 'information asset' is usually defined is anything that is holding or carrying the 'business information' and we have to do the risk assessment for all the identified information assets in an organization. Then there are 'controls' like 'standby generators’ or 'air-conditioning systems' for which risk assessment is not required
Now, incase of air-conditioning systems installed with sensors that generates information OR other similar controls and most importantly when they are connected and operated through servers, shall we consider that information, generated / used by the controls for their functionality as business information and based on that shall we consider them as information assets and consequently do the risk assessment??.
Would really appreciate the experience and advise sharing
Arshad
The way 'information asset' is usually defined is anything that is holding or carrying the 'business information' and we have to do the risk assessment for all the identified information assets in an organization. Then there are 'controls' like 'standby generators’ or 'air-conditioning systems' for which risk assessment is not required
Now, incase of air-conditioning systems installed with sensors that generates information OR other similar controls and most importantly when they are connected and operated through servers, shall we consider that information, generated / used by the controls for their functionality as business information and based on that shall we consider them as information assets and consequently do the risk assessment??.
Would really appreciate the experience and advise sharing
Arshad
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment