ISO/IEC 27002 Section 3

The Information Security Standard ISO/IEC 27002 is divided into eleven main sections. Section 3 is Asset Management.

Asset Management

Organisations are used to completing inventories of physical assets - for example, computers, printers, machinery, vehicles etc. But information is also recognised as a vital asset for every organisation. The value of specific information will depend on factors such as:

• How much it cost to obtain
• How much it would cost to replace
• The extent of damage done to the organisation if it was disclosed to the public or a competitor

An Information Asset Register (IAR) should be created, detailing every information asset within the organisation. For example:

• Databases
• Personnel records
• Scale models
• Prototypes
• Test samples
• Contracts
• Software licences
• Publicity material

The Information Asset Register (IAR) should also describe:

• Who is responsible for each information asset
• Any special requirements for confidentiality, integrity or availability

The value of each asset can then be determined to ensure appropriate security is in place.

Use links below for further information:

ISO/IEC 27002 Section 1 
ISO/IEC 27002 Section 2 
ISO/IEC 27002 Section 4 
ISO/IEC 27002 Section 5 
ISO/IEC 27002 Section 6 
ISO/IEC 27002 Section 7 
ISO/IEC 27002 Section 8 
ISO/IEC 27002 Section 9 
ISO/IEC 27002 Section 10 
ISO/IEC 27002 Section 11 
ISO/IEC 27002 Explained

If you would like more background information about information security standards follow this link.