This snapshot taken on 12/12/2008, shows web content selected for preservation by The National Archives. External links, forms and search boxes may not work in archived websites.
 
 

ISO/IEC 27002 Section 3

The Information Security Standard ISO/IEC 27002 is divided into eleven main sections. Section 3 is Asset Management.

Asset Management

Organisations are used to completing inventories of physical assets - for example, computers, printers, machinery, vehicles etc. But information is also recognised as a vital asset for every organisation. The value of specific information will depend on factors such as:

  • How much it cost to obtain
  • How much it would cost to replace
  • The extent of damage done to the organisation if it was disclosed to the public or a competitor

An Information Asset Register (IAR) should be created, detailing every information asset within the organisation. For example:

  • Databases
  • Personnel records
  • Scale models
  • Prototypes
  • Test samples
  • Contracts
  • Software licences
  • Publicity material

The Information Asset Register (IAR) should also describe:

  • Who is responsible for each information asset
  • Any special requirements for confidentiality, integrity or availability

The value of each asset can then be determined to ensure appropriate security is in place.

Use links below for further information:

ISO/IEC 27002 Section 1 
ISO/IEC 27002 Section 2 
ISO/IEC 27002 Section 4 
ISO/IEC 27002 Section 5 
ISO/IEC 27002 Section 6 
ISO/IEC 27002 Section 7 
ISO/IEC 27002 Section 8 
ISO/IEC 27002 Section 9 
ISO/IEC 27002 Section 10 
ISO/IEC 27002 Section 11 
ISO/IEC 27002 Explained

If you would like more background information about information security standards follow this link.

© Crown copyright2008