Getting the balance right

Information Security Asset Registers

Asset Identification

To conduct an information security risk assessment, the organisation must understand what information, technology, equipment, facilities and people it relies on. These information assets are recorded within Abriska as a hierarchy, this allows related asset to be grouped together which saves time later when looking at threats, vulnerabilities and controls.

Business Impact Analysis

For each of the assets that are identified, the organisation must consider the potential impact on the organisation if either the Confidentiality, Integrity or the Availability of that asset was breached.

The BIA should be conducted by the individual asset owners and so Abriska allows these assessments to be distributed to those individuals. The following factors of abriska help ensure that there is a level of consistency in asset owner's responses to Business Impact Analysis:

• The organisation can define independent scales for each Confidentiality, Integrity and Availability
• Interrelated assets can be linked together to ensure that BIA values are consistently applied. For example, digital information can be linked to the servers that store the information

• Abriska Introduction
• Information Security (ISO 27001)
  • ISO 27001 Risk Assessment Requirements
  • ISO 27001 Asset Registers
  • ISO 27001 Control Maturity Assessment
  • Risk Assessment
  • ISO 27001 Certification Documents
• Business Continuity (BS 25999 & ISO 22301)
  • Dependency & Relationship Modelling
  • Business Impact Analysis
  • Risk Assessment
• Case Studies & Product Sheet
  • Abriska Product Sheet - 27001
  • Abriska Product Sheet - 25999
  • Abriska Demonstration