The purpose of risk identification is the systematic recording of all risks relevant to your company. We will be happy to work with you to identify your risks as part of the development of your ISMS or for a possible ISO: 27001 / TISAX certification and carry out the entire risk management process through to sensitizing all your employees.
As part of the risk identification, the first step is to record all assets and combine them into groups of equal value (asset classes). An asset describes a value of a company, such as a laptop. Possible asset classes here are e.g. “Laptops and Smartphones Employees” and “Laptops and Smartphones Managing Directors” into consideration. In this example, two asset classes should be created for the asset laptop, since both asset classes are associated with different threats and therefore different information security risks are affected. This means that an asset class has the same vulnerabilities and thus the same threats.
The following information security risks should be considered in the context of the asset classes.
It is about the loss of …:
- Confidentiality: The property that information is not made available or disclosed to unauthorized persons, units or processes.
Availability: property of a value, of a unit being accessible and usable on request.
Integrity: Property of ensuring the correctness and completeness of values. In particular, this includes the property that information is not changed without authorization.
- All assets or asset classes should be recorded in full.
- Tools for the software-supported implementation of risk management
- In principle, Excel lists can be used to inventory the values. However, the larger the company, the more difficult it can be to record all assets with the help of an Excel list. In addition, continuous checking and updating is urgently required.
We therefore recommend a software-based solution that automatically takes over the acquisition and also offers the possibility of visualizing the relationships between the assets. The market offers various options for this. We would be happy to advise you on choosing the right software tool for you.