SOP for threats and vulnerability assessment
Answer: In ISO 27001 implementation, the procedure for implementing threats and vulnerabilities assessment (together with the rest of risk assessment) is usually written in the Risk assessment methodology - you can see a sample here: https://advisera.com/27001academy/documentation/Risk-Assessment-and-Risk-Treatment-Methodology/
You'll find these articles also useful:
- How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
Nov 07, 2016