Hi,
Based on this statement:
Warning: this module is not meant to be used as an inventory tool where you document every laptop or server in your organisation. The only reason you are creating assets is to include them on a risk. If you plan to describe “Malware” just create assets that make reference, such as “Laptop”, “Windows Laptop”, “Apple Phone”.
How we can have a number of asset within a business unit but it also part of other business unit too?
For example: Employee Data
BU - HR and Finance
Both needed for GDPR risk - to ensure no data leakage.
How we can differentiate Employee Data asset that belongs to 2 different business units in Asset Risk Management?
P.S:
My organization having 100 different business unit. We called it Entities or subsidiary. So each asset will be copied into each business units. Means, Employee Data asset categorized as data asset and will be appear in 100 business unit.
Thanks,
Zie