This presentation explains clause A8 of ISO 27001 i.e., Asset management and its importance. It further explains clauses under A8 viz., Responsibilities for Assets and Information Classification. http://www.ifour-consultancy.com/ http://www.ifourtechnolab.com

1. iFour ConsultancyISO 27001 – A8 Asset Management

2.  Anything that has value to the organization
Asset
ISO for Software application development India
Assets
Software &
Hardware
Infrastructure
Information
People

3. Risk
assessment
• Key element of identifying risks, together with threats and
vulnerabilities.
Responsibility
Assignment
• Defines asset owners
• Assigns owners the responsibility to protect the
confidentiality, integrity and availability of the information
Why are assets important for information security management?
ISO for Software application development India

4.  A set of business processes designed to manage the lifecycle and inventory of
technology assets
 It provides:
 Lowers IT costs,
 Reduces IT risk and
 Improves productivity
Asset Management

5. A8 Asset Management Clauses
ISO for Software application development India
• Responsibility for assets8.1
• Information Classification8.2
• Media Handling8.3

6.  To identify organizational assets and define appropriate protection responsibility
8.1.1 Inventory of Assets
8.1.2 Ownership of assets
8.1.3 Acceptable use of assets
8.1.4 Return of Assets
8.1 Responsibility for assets
ISO for Software application development India

7. Controls for Responsibility for assets
• Assets associated with information and information processing facilities shall
be identified and an inventory of these assets shall be drawn up and
maintained
Inventory of Assets
• Assets maintained in the inventory shall be ownedOwnership of assets
• Rules for acceptable use of information and of assets associated with
information and information processing facilities shall be identified,
documented and implemented
Acceptable use of
assets
• All employees and external party users shall return all of the organizational
assets in their possession upon termination of their employment, contract or
agreement
Return of Assets

8.  To ensure that information receives an appropriate level of protection in
accordance with its importance to the organization
8.2.1 Classification of information
8.2.2 Labelling of information
8.2.3 Handling of assets
8.2 Information Classification
ISO for Software application development India

9. Controls for Information Classification
ISO for Software application development India
• Information shall be classified in terms of legal requirements,
value, criticality and sensitivity to unauthorised disclosure or
modification
Classification of
information
• An appropriate set of procedures for information labelling shall
be developed and implemented in accordance with information
classification scheme adopted by the organization
Labelling of
information
• Procedures for handling assets shall be developed and
implemented in accordance with the information classification
scheme adopted by the organization
Handling of assets

10. References
http://advisera.com/27001academy/knowledgebase/how-to-handle-asset-
register-asset-inventory-according-to-iso-27001/
https://en.wikipedia.org/wiki/ISO/IEC_27001:2013
ISO for Software application development India

11. Visit- http://www.ifour-consultancy.com
Or
http://www.ifourtechnolab.com
For more details
ISO for Software application development India

12. ISO for Software application development India