Assets

CyberComply allows you to perform asset-based, scenario-based and mixed risk assessments. You must pick one of these options for each assessment you create.

• Asset-based risk assessments are concerned with risks to a particular asset, such as a building or a store of personal data. They are specific to the asset and the other assets associated with it (such as the staff and equipment in a building). You will have access to the assets risk library for risks defined in this kind of assessment.
• Scenario-based risk assessments are concerned with risks that affect the organisation as a whole, such as a widescale data breach or a business continuity issue. You won’t have access to the assets risk library for risks defined in this kind of assessment.
• Mixed risk assessments can contain a mixture of asset-based and scenario-based risks.

For ISO 27001 risk assessments, you should start with an asset-based risk assessment. To be able to do this, you will need to create an asset register and define your organisation’s assets in CyberComply. Assets are valuable to an organisation. They can be people, objects (such as laptops or servers), or more abstract items such as information or reputation.

Navigate to the assets screen by clicking Assets in the navigation menu.

Each asset is given a unique identifier, a description and a physical location.

Updated on: 17/06/2024