Guest
ISO 27005 Annexes
I am working on the development of an InfoSec risk management framework. Can you please guide us on whether we can use Annexes B, C and D (of ISO 27005:2011) in our own framework? Is there any compliance issue?
Expert
Rhand Leal
Feb 13, 2018
Answer: Annexes B (Identification and valuation of assets and impact assessment), C (Examples of typical threats) and D (Vulnerabilities and methods for vulnerability assessment) from ISO 27005 are compilations of common practices and situations found in the market, so there is no problem with adopting them in your framework.
This material will also help you regarding risk management:
- Book: ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/