Information Assets

In the QSEC module “Information Assets” the information assets (business processes, information and the supporting assets) are managed. These are divided in QSEC®, according to the required procedure of ISO 27005 (risk management in information security), into

  • Physical values
  • Personnel
  • Services incl. Cloud

The aim is to obtain the most exact picture of the assets of an organization(s) in the selected scope. The assets identified as critical are subject to a detailed consideration in risk management, the less critical assets can be subject to a basic examination based on predefined elementary hazards.

The possibility of recording assets within the asset groups is intended for organizations that cannot use an asset management system (ITAM) due to technical circumstances or for which the effort is too big. This option can be used, for example, for production environments, control systems and technical environments with few assets.

 

Presentation-of-Assetgroup-Map

QSEC® – Map of asset group

Features (extract):

  • Modeling of the complete company structure:
    • Business units,
    • Business processes,
    • Information,
  • Assets (individual assets and asset groups)
  • Entry of the asset groups with the specification of the responsible person and the specification of the asset group type for the assignment of the risk catalogue
  • Entry of BIA-relevant data (RTO actual/RPO actual) planned
  • Hierarchical asset group display for a clear structure view
  • Tabular asset group listing for a clear editing view
  • Map asset group view for a clear overall context
  • Within the asset groups, the assets (individual assets: notebooks, production systems, network components, etc.) can be managed manually using the “management criteria” (e.g. manufacturer, serial number, location, etc.): Assignment of business processes and information on the asset groups;
  • Inheritance of business process and information criticality assessments for the protection needs analysis of asset groups in risk assessment (the asset groups covered are assessed in risk management);
  • The security levels are evaluated completely for each asset group for all assets;
  • Form customization: For a better overview, the complex forms are divided into tabs!

QSEC modules

Data-Protection-Management-System-QSECInformation_AssetsCompliance_Management_System
IT-Risk-kachelSecurity Incident ManagementMeasure-Management
Document-ManagementMaster-Data-qsecBusiness_Continuity_Management
Reporting-DashboardInterview-WizardInterview-transfer-Wizard
Compliance-WizardRisk-Assessment-WizardSecurity-Level-Wizard
Measure-Evaluation-WizardUsabilityTask-Manager
AdministrationTechnology