One Article Review

Source NoticeBored
Identifier 5464305
Publication date 2022-06-30 16:35:04 (seen: 2022-06-30 05:05:35)
Title What are "information assets"?
Text Control 5.9 in ISO/IEC 27002:2022 recommends an inventory of information assets that should be “accurate, up to date, consistent and aligned with other inventories”. Fair enough, but what are 'information assets'? What, exactly, are we supposed to be inventorying? The standard refers repeatedly but enigmatically to "information and other associated assets" that an organisation's Information Security Management System protects. The intended meaning of 'information asset' has been a bone of contention within ISO/IEC JTC 1/SC 27 for years, some experts and national bodies vehemently disagreeing with each other until, eventually, a fragile ceasefire was declared in order to move forward on the numerous standards projects that hinge on the term.

Currently, '27002 provides a rather broad and unhelpful definition of "asset" as "anything that has value to the organisation" - paperclips, for instance, fall within the definition. Does that mean your ISMS should protect paperclips since, arguably, they are 'associated with information', albeit very low value assets? I know this is reductio ad absurdum but it illustrates the tar pit that SC 27 found itself in.

On a more pragmatic note, I have consciously taken a wide view of information assets in preparing a checklist of information assets for SecAware. I intend to set you thinking about the potential scope, purpose and focal points of your ISMS. You may feel that certain items on the checklist are irrelevant ... or the checklist might just open your eyes to entire categories of valuable information that you hadn't even considered. Whether they end up in or out of scope of your ISMS is for you and your management colleagues to determine. I'm simply giving you food for thought.
Sent Yes


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.