Risk assessment and application control practical examples
a. Risk Assessment Table
b. Risk Treatment Table
Answer: Together with the ISO 27001 Documentation Toolkit you bought you have access to video tutorials with practical examples that will help you fill in the risk assessment and risk treatment tables. In those videos you will get examples of vulnerabilities, threats, and how to assess the level of risk, as well as how to determine options for the treatment of risks and appropriate controls for unacceptable risks.
2. A file (cross-link) that defines the 27002-controls that should be used for the pre-defined vulnerabilities as used in the template that is part of the toolkit.
Answer: Since the applicability of ISO 27002 controls is unique for each organization's context, even for the pre-defined vulnerabilities listed in the template, we do not provide definitions of what should be used by organizations (this is an organizational decision, based on specific information). What we can provide are criteria and recommendations that should be considered when deciding which treatments and controls to apply, through our many blog posts, which you can consult here: https://advisera.com/27001academy/blog/
These are some examples:
- How to apply information security controls in teleworking according to ISO 27001 https://advisera.com/27001academy/blog/2021/10/27/how-to-use-iso-27001-to-secure-data-when-working-remotely/
- How to integrate ISO 27001 A.14 controls into the system/software development life cycle (SDLC) https://advisera.com/27001academy/how-to-integrate-iso-27001-controls-into-the-system-software-development-life-cycle-sdlc/
If you still feel you need more assistance you can schedule a meeting with one of our experts to ask for more specific orientation (https://advisera.com/27001academy/consultation/), which is also part of the toolkit you bought.
Aug 01, 2017