In a previous article, I outlined the scope and implementation guidelines for the ISO 17799 information security standard. The article also examined Security Policy, the first of eleven security clauses mentioned in the standard. The ISO 17799 defines the term asset as ‘anything that has value to an organization.’ In the realm of information technology, assets can range from data files to physical assets, such as removable media; however, the ISO definition allows an organization to classify items as assets from a broader spectrum. Intangibles, such as reputation of the organization, general utilities, and the skill sets of a workforce can all be classified as assets. The following article will examine the ‘Asset management’ security clause, including the two main security categories listed under this clause.

This document is in PDF format. To view it click here.