Warning: include_once(/home/antonaylward/InfoSecBlog/public/wp-content/plugins/wordpress-support/wordpress-support.php): failed to open stream: Permission denied in /home/antonaylward/InfoSecBlog/public/wp-settings.php on line 304

Warning: include_once(): Failed opening '/home/antonaylward/InfoSecBlog/public/wp-content/plugins/wordpress-support/wordpress-support.php' for inclusion (include_path='.:/usr/local/lib/php:/usr/local/php5/lib/pear') in /home/antonaylward/InfoSecBlog/public/wp-settings.php on line 304
Packard Hospital « The InfoSec Blog
The InfoSec Blog

Confusion over Physical Assets, Information Assets in ISO-27000

Posted by Anton Aylward

I often explain that Information Security focuses on Information Assets.

Some day, on the corporate balance sheet, there will be an entry
which reads, "Information"; for in most cases the information is
more valuable  than the hardware which processes it.
   -- Adm. Grace Murray Hopper, USN Ret.

Some people see this as a binary absolute - they think that there's no need to asses the risks to the physical assets or that somehow this is automatically considered when assessing the risk to information.

The thing is there are differing types of information and differing types of containers for them.