Typically, this question is twofold; which assets to include and the depth or granularity. In this blog, we will look at granularity.
In order to meet the requirements of ‘Asset management’ A.8 from Annex A of ISO 27001, it is necessary to identify organisational assets and define protection
‘How do we approach asset identification within our information security risk assessment?’. This blog examines which assets or asset types to include.