Take the ISO 27001 course exam and get the EU GDPR course exam for free
LIMITED-TIME OFFER – VALID UNTIL SEPTEMBER 30, 2021

Expert Advice Community

Conformio risk register, confused by some of the threat mappings for Human Resources

  Quote
Kevin Foley Created:   Aug 24, 2021 Last commented:   Aug 25, 2021

Conformio risk register, confused by some of the threat mappings for Human Resources

The Conformio risk register defines the following

  • Threat is what kind of negative thing can happen to your asset because the vulnerability exists.

The mapping path is Asset to Vulnerabilty to Threat

Asset: Employees with specific expertiese ( system admin, security experts ) 

Vulnerability: Replacement person does not exist or is inadequate

Threat:  Earthquake / Fire / Flood / Storm ?

Of the 12 items listed, only 2 seem reasonable - breach of contracts and information disclosure

Seems like this mapping needs some work, or am I misunderstanding something ?

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Aug 25, 2021

Please note that the mentioned threats (Earthquake / Fire / Flood / Storm) can cause injuries on employees (making them unable to work), or preventing them from reaching the workplace, and if there is no replacement person to perform activities the business will be negatively impacted.

This article will provide you a further explanation about matching assets, threats, and vulnerabilities:

This material will also help you regarding matching assets, threats, and vulnerabilities:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Aug 23, 2021

Aug 25, 2021

Suggested Topics

Guest user Created:   Sep 21, 2021 ISO 27001 & 22301
Replies: 1
0 0

Conformio questions

Guest user Created:   Sep 16, 2021 ISO 27001 & 22301
Replies: 1
0 0

Risk register

Rena Created:   Sep 15, 2021 ISO 27001 & 22301
Replies: 1
0 0

Conformio ISO Documentation