mercredi 11 février 2015

risk assessment scope and critical assets



we'v started implementing ISMS in our organization. the scope is IT dept and all users of the company who are connected to our WAN. but our risk assessment scope is only Data center and Network infrastructure and we are told to consider only critical assets of this scope for first implementation. now I want to know 1- is it acceptable to consider only critical assets not all of them? 2- with what parameters we choose critical assets? 3- are core processes in this scope one of our critical assets or only information that is used and generated in these processes should be considered as assets? 4-is this a correct view for what i explained: for defined risk assessment scope which is defined under our ISMS scope, we consider our core and distributed switches and routers, critical network connections between them, our servers which are VMs and their hardware (SANs,Storages,Blades), and what else?


thanks in advance





Aucun commentaire:

Enregistrer un commentaire