Tag: "conformio" - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Conformio risk register, confused by some of the threat mappings for Human Resources

    The Conformio risk register defines the following

    • Threat is what kind of negative thing can happen to your asset because the vulnerability exists.

    The mapping path is Asset to Vulnerabilty to Threat

    Asset: Employees with specific expertiese ( system admin, security experts ) 

    Vulnerability: Replacement person does not exist or is inadequate

    Threat:  Earthquake / Fire / Flood / Storm ?

    Of the 12 items listed, only 2 seem reasonable - breach of contracts and information disclosure

    Seems like this mapping needs some work, or am I misunderstanding something ?