Expert Advice Community

Guest

Discovery process

Guest user Created:   Aug 20, 2020 Last commented:   Aug 20, 2020

Hi, based on ISO 27001 and 27002, which area is responsible for carrying out the patching process after the discovery process from any security process?

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Aug 20, 2020

I'm assuming that by discovery process you are referring to the risk assessment process and by patching process you are referring to the risk treatment process.

Considering that, please note that ISO 27001 does not prescribe who must be responsible for activities in the risk management process, so organizations are free to define them in the way that best fits their needs.

In a general way, the person responsible for treating a risk is the risk owner, who must be chosen based on his/her interest and authority to treat the risk.

For example, the risk owner for systems that need to be patched could be the System administrator, or the Head of IT.

These articles will provide you with a further explanation of the risk management process and the risk owner:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
- Risk owners vs. asset owners in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/

This material will also help you regarding the risk management process and the risk owner:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
