ISO27001 information security certification implementation steps to collect asset information l Content:? Hardware and software information systems / equipment, configuration information, password information, account permissions information, business data, support equipment, staff job categories, security policy content, services, etc. l Documentation ?: Information Assets Assets confirm registration form and estimate l content: confirm the risk assessment table related projects, including asset identifier, asset description, owner, location and other information; while the sensitivity of the asset (confidentiality, integrity and availability ) estimated l Documentation: Information Asset Register Asset Valuation Table l Content:? According to the sensitivity of the type - the confidentiality, integrity, availability, determine the value of assets l Documentation: Information Assets Risk identification registration form l premise: information assets registration form? selected weaknesses and threats l methods: by selecting the weaknesses and threats, through a fixed format syntax group named the face of risky assets. ? L premise computing risk: the risk assessment has been exemplar of the relevant sections, including threats, threat level, weaknesses, weaknesses grade, risk impact, risk the possibility of existing control measures l: Event for each threat, determine the risk level of risk in the table l Documentation:? Risk assessment table selection control means classification based on threat and urgency of and in accordance with the principles of risk classification to determine the risk acceptance criteria for unacceptable risks, especially high level of risk presented implementation of the proposed risk disposal.