People related threats and vulnerabilities
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Answer: In fact, the loss of knowledge is an impact (the effect of a realized risk), that can be result of several types of risks, including risks related to people.
Considering the asset-threat-vulnerability methodology, some people-related risks that can result in loss of knowledge are:
- Social engineering: people may be induced by an attacker to inadvertently facilitate the theft of information. A vulnerability would be people without knowledge on how identify and handle social engineering attacks.
- Corruption: people may be induced by an attacker to steal information. A vulnerability would be people personal problems.
- Any event that can make people unavailable or inaccessible (e.g., better job offers, sickness, death, transport strike, etc.). A vulnerability would be people behaviour of not documenting knowledge.
This article will provide you further explanation ab out risk assessment:
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
These materials will also help you regarding risk assessment:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
May 27, 2017