One Article Review
| Source |  NoticeBored |
|---|---|
| Identifiant | 1495737 |
| Date de publication | 2019-12-13 08:00:01 (vue: 2020-01-03 15:00:04) |
| Titre | NBlog Dec 13 - what is an "information asset"? |
| Texte |  ISO/IEC JTC 1/SC 27 tied itself in knots for years trying to answer that disarmingly simple and straightforward question, failing to reach consensus and eventually admitting defeat.Back in 2014, ISO/IEC 27000 defined "Asset" very broadly as "anything that has value to the organization ... including: information; software, such as a computer program; physical, such as computer; services; people, and their qualifications, skills and experience; and intangibles, such as reputation and image."To narrow it down a bit in the context of ISO27k, "Information asset" had also been explicitly defined in ISO/IEC 27000:2009 as "Knowledge or data that has value to the organization".That definition still works quite well for me. "Information asset" refers to the intangible content - the meaning of information - rather than the vessels, media, equipment, facilities and human beings that house, process, communicate and use it.The content is both valuable and vulnerable and hence needs to be protected or secured. That's what ISO27k does.I appreciate that the tangible vessels, media, equipment, facilities and people are also assets that also require adequate protection, security and safety, but that's largely the domain of conventional physical risk and security measures such as vaults, locks and guards, plus health and safety. Other standards apply there.At some point after the release of ISO/IEC 27000:2009 (I forget exactly when), SC 27 had become exhausted by the interminable arguments over the definition and called a halt to it. The definitions of "information asset" and then "asset" were summaril |
| Envoyé | Oui |
| Condensat | 1/sc 2014 2014:the 27000 27000:2009 27001 27032:2012 according actual adapted adequate admitting advisory after again agreements aircraft also annex another answer any anything applicable application applies apply appreciate appropriate are arguments asset assets associated audio back bad become been beings belongs beyond bit bitmap blog both bottomed brands broader broadly browsing building buildings business but called can cases commercial committee communicate company complex component computer computer; concerned confusing consensus consideration considered constraints construction container content contents context control conventional conveyances copyrighted corporate corrected corrigendum could crucial currently data dec defeat defined definition definitions delivery designs despite different digital disarmingly discretionary discussing discussion distinct does domain down effect embodiment ended entities entity environment equipment ethical eventually exactly example exhausted experience; explain explicitly expression extends facilities fact failing feel financial forget formalized from fromorganizations function general government governments grouping guards had halt has have health hears hence house however human image implied impossible include includes including including: indicates individual individuals information information; infrastructure instance intangible intangibles integral intellectual interminable interpreted inventoried inventory iso iso/iec iso27k issue item items itself jtc knots knowledge known land largely leases legal legally liabilities licences life literally loaned locks machine machinery make management mandatory manifestation material mean meaning measures media more most narrow nblog needs negative non not note obviously once only open opposite organization organizations other out over own owned owner owns part parties patented people personal personally perspective pertaining phrase physical places plant platform plus point positive potential practices presumably primarily process processing program; proper properties property protected protection proved provision purely qualifications quantifiable question quite rather reach really refer referred refers related release removed reputation require resolution rights risk risks safety same scope secured security seems seen sees separation service services; several shall ships shortened should simple since skills slow software some something stages stakeholder standard standards straightforward structure stuff subjects such summarily system systematically systems tangible tediously text than that them then there therefore thereof thing things third those throughout tied toe too tools trademarked trying turn turns unclear undefined unfortunately unit upon use user usually valuable value vaults vehicles version very vessels vulnerable wait way well what when whereas which whole within working works would years |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.