Analysis of external issues
Answer: For external analysis I can suggest Porter's Five Forces Model (substitute products or services, established competitors, new entrants, bargaining power of suppliers and the bargaining power of customers) and the PEST (political, economic, social and technological) analysis. These approaches can provide you with a systemic view of the external environment for the identification of issues relevant to your organization.
This article will provide you further explanation about analysis of external issues:
- Explanation of ISO 27001:2013 clause 4.1 (Understanding the organization) https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/
First, I want to thank you for your quick and helpful response. The purpose and 'how-to' of Porter's Five Forces Model is clear to me. The PEST analysis isn't entirely clear to me. On the web and in books from my study, it is explained kind of generally, while I need to analyse the issues regarding information security. I find it hard to understand how I should apply the PEST analysis in the right way. Could you help me by explaining this issue? I hope I am clear enough.
Sure. Examples of how you can apply PEST analysis to information security are:
Political: How governments and politicians see and understand information security can define state-wide agendas and impact on regulations and laws applicable to several industries.
Economic: Which costs and profit opportunities can be related to the adoption of information security practices (in some countries that have to import technology, variations in the currency used to buy assets can heavily affect security decisions).
Social: Depending on the society's culture, impacts perceived by society due to an information breach can be far greater than the real thing. On the other hand, depending on the culture, the assimilation of security practices can be more difficult (a perception of excessive surveillance and invasion of privacy).
Technological: The obsolescence and ascension of new technologies can lead to a complete transformation of security practices (e.g., quantum computation can have a serious impact on cryptographic controls, and the "Internet of Things - IOT" brings a whole new set of problems related to connectivity).
Sep 30, 2017