First of all, you should note that the threats in the ISO 27005 catalogue are only examples. They are not mandatory, and your organization will probably have some threats that are not listed there (you have to identify them by performing the risk assessment process).
That said, to identify whether a threat is related to confidentiality, integrity or availability, you have to analyse how the threat will act on an asset. For example, malicious software can allow an unauthorized person to access information in a database (compromising confidentiality), change it (compromising integrity), or destroy it (compromising availability). This will depend on how the malicious software works.
In the case of embezzlement, it is, by definition, a financial fraud (a fraudulent conversion of the property of another person by the person who has lawful possession of the property). Basically, this threat concerns the information about the ownership of a property, so it can be related to compromise of information integrity, since it often involves falsification of records in order to conceal the activity.
Nov 09, 2017