Expert Advice Community

Conformio risk register, confused by some of the threat mappings for Human Resources

Kevin Foley Created:   Aug 24, 2021 Last commented:   Aug 25, 2021


The Conformio risk register defines the following:
  • Threat is what kind of negative thing can happen to your asset because the vulnerability exists.

The mapping path is Asset to Vulnerability to Threat.

  • Asset: Employees with specific expertise (system admin, security experts)
  • Vulnerability: Replacement person does not exist or is inadequate
  • Threat: Earthquake / Fire / Flood / Storm?

Of the 12 items listed, only 2 seem reasonable - breach of contracts and information disclosure. Seems like this mapping needs some work, or am I misunderstanding something?


Expert
Rhand Leal Aug 25, 2021

Please note that the mentioned threats (Earthquake / Fire / Flood / Storm) can cause injuries to employees (making them unable to work) or prevent them from reaching the workplace, and if there is no replacement person to perform activities, the business will be negatively impacted.

This article will provide you with a further explanation about matching assets, threats, and vulnerabilities:

This material will also help you regarding matching assets, threats, and vulnerabilities:
