Identification of threats
Assign topic to the user
Answer: Our catalogue of threats/vulnerabilities is enough for most of companies (small and medium size), because the list is generic, and includes a lot kind of threats, useful for any business. Anyway, each business is a different world, and maybe in some cases you need to include specific threats, but probably with our list, you can identify the most important ones.
You should know that it is not possible to identify all the risks - this is why risk assessment needs to be updated regularly (at least one a year, but if possible more often), and through this updates you will improve the list by adding the risks you identified through time.
You can also use the catalogue of ISO 27005, which is an international standard that gives you a code of best practices for the information security r isk management, including a catalogue of threats and vulnerabilities, and maybe can help you as complement of our catalogue. You can buy this standard directly from iso.org : https://www.iso.org/standard/75281.html
Comment as guest or Sign in
Sep 08, 2018