Day: June 30, 2022

What are “information assets”?

Control 5.9 in ISO/IEC 27002:2022 recommends an inventory of information assets that should be “accurate, up to date, consistent and aligned with other inventories”.  Fair enough, but what are ‘information assets’? What, exactly, are we suppo…

June 30, 2022
0 comment
Read More >>

Authorised exemptions

Inspired by an exchange on the ISO27k Forum yesterday morning, I wrote and published a simple 2-page exemptions policy template for SecAware. In essence, after explaining what ‘exemptions’ are, the policy requires that they are authorised after du…

June 30, 2022
0 comment
Read More >>