Cryptographic controls
Answer: I am sorry, but if you mean the domain A.10 of Annex A of ISO 27001, it is not about performing a risk assessment; it is simply about cryptographic controls, and here you need a policy on the use of cryptographic controls (control A.10.1.1) and key management (A.10.1.2). For more information about this domain, this article can be interesting for you: “How to use the cryptography according to ISO 27001 control A.10”: https://advisera.com/27001academy/how-to-use-the-cryptography-according-to-iso-27001/
Keep in mind that the risk assessment is necessary for reaching a conclusion whether cryptographic controls are applicable or not, and once this conclusion is reached no further risk assessment is needed. This article can also be interesting for you: "The basic logic of ISO 27001: How does information security work?" https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
Thank you for your response. I agree with your comments; however, I am of the opinion that before deciding on the encryption key length, whether 128, 512, etc., an assessment should be performed.
Sep 05, 2018