Control table and risk assessment and treatment
Answer: I'm assuming that by control table you are referring to a data structure that directs program flow according to the values and relations it contains. Considering that, in a risk assessment you should identify risks that could compromise the information in the control table, which could lead the program to flow in an unexpected or unauthorized manner. Examples are unverified changes, malicious code, etc.
In the risk treatment you should consider options to minimize such risks, like including data input and data output validation, adoption of a formal change process, etc.
This article will provide you further explanation about risk assessment and treatment:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
These materials will also help you regarding risk assessment and treatment:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-risk-management-in-plain-english/
- The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
Aug 15, 2017