ISMS Risk Survey
How can I align the ISMS risk assessment with other units of my organization, to do it jointly, for example with finance, process, etc.? Could there be risks in common?
The most common way to perform ISO 27001 risk assessment is through the asset-threat-vulnerability approach, which can also be applicable to other business processes, because it is based on assets (elements with value to the organization), and this concept can be applied to other processes in the organization. For example, you can use an asset called management report to identify risks for your ISMS and other processes that use such an asset (e.g., financial management report).
To see a list of threats and vulnerabilities you can use not only for ISMS risk assessment, but also for other business processes, see:
- Catalogue of threats & vulnerabilities https://advisera.com/27001academy/knowledgebase/threats-vulnerabilities/
To see how to perform a risk assessment compliant with ISO 27001, see:
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
The template for Risk assessment has examples of assets, threats and vulnerabilities you can use.
To see what the documents for performing a risk assessment compliant with ISO 27001 look like, please see: https://advisera.com/27001academy/iso-27001-22301-risk-assessment-toolkit/
This material will also help you regarding ISO 27001 risk assessment:
- https://info.advisera.com/27001academy/free-download/diagram-of-iso-270012013-risk-assessment-and-treatment-process
Apr 08, 2021