CIA, Privacy and risk management

Guest user | Created: Dec 05, 2020 | Last commented: Dec 05, 2020


How are the CIA triad and the privacy severity of the asset (asset value) to be aligned with impact and probability in risk management?


Expert
Rhand Leal Dec 05, 2020

Please note that ISO 27001 specifies that the CIA is directly related to risks (6.1.2 c 1), and to consequences (i.e., impacts) (6.1.2 d 1), and asset value (in your case privacy severity) is defined in terms of legal requirements (e.g., laws, regulations, and contracts), and their criticality and sensitivity to compromise due to realized risks.

There is no direct relation between the CIA triad and Asset value to probability.

For further information, see:

- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/

- How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment

This material can also help you:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/

- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
