How many threats and vulnerabilities to display
Assign topic to the user
Answer: Theoretically, you should include every possible option, i.e. combination of threats and vulnerabilities related to each threat, even if their value is 0. However, in my opinion you shouldn't list more than 5 threats for each asset, and more than 2 vulnerabilities for each threat.
This article will give you more explanation: ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
Comment as guest or Sign in
Feb 24, 2017