In the risk assessment table I can use a group/category of assets such as laptops in the asset name section, and identify the threats and vulnerabilities for that category correct? In the inventory of assets do I need to list each asset of the category then?
Example:
Category: laptops
Asset name: [name]-laptop
Or can I keep this section high level as well as example:
Category: ICT and Other equipment
Asset name: Laptops
Answer:
Yes, you can have an asset named laptops in your inventory of assets, and after in the Risk Assessment Table you need to identify threats/vulnerabilities related to it (related to all laptops that have the same threats/vulnerabilities). So, you can have this:
Category: ICT
Asset name: Laptops
Comment as guest or Sign in
Jan 12, 2016