Hello
We are doing risk assessment for our information Assets but we have a problem:
if we consider email records to be an information asset and if we consider also the mail server to be information asset, when we do the risk assessment on the MAIL SERVER, should we consider the risks on the informations it contains ( in this example the mail records) or do we consider the server just as a Hardware item, irrelevant of the information inside?
If we consider the mail server as both HW+info it contains, then wouldn't we be doing the work twice when we do risk assessment on the mail records?
Please help its very confusing
We are doing risk assessment for our information Assets but we have a problem:
if we consider email records to be an information asset and if we consider also the mail server to be information asset, when we do the risk assessment on the MAIL SERVER, should we consider the risks on the informations it contains ( in this example the mail records) or do we consider the server just as a Hardware item, irrelevant of the information inside?
If we consider the mail server as both HW+info it contains, then wouldn't we be doing the work twice when we do risk assessment on the mail records?
Please help its very confusing