CIA, Privacy and risk management
How are the CIA triad and the privacy severity of the asset (Asset Value) to be aligned with Impact & Probability in risk management?
Please note that ISO 27001 specifies that the CIA is directly related to risks (6.1.2 c 1), and to consequences (i.e., impacts) (6.1.2 d 1), and asset value (in your case privacy severity) is defined in terms of legal requirements (e.g., laws, regulations, and contracts), and their criticality and sensitivity to compromise due to realized risks.
There is no direct relation between the CIA triad and Asset value to probability.
For further information, see:
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
- How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment
This material can also help you:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Dec 05, 2020