Matching threats and vulnerabilities

Guest user. Created: Jan 12, 2016. Last commented: Jan 12, 2016.

Currently I'm doing Risk Assessments in my organization using your "Risk Assessment Table". I find it very difficult when it comes to matching Threats to Vulnerabilities. As you know, I'm doing the assessments with System/Process owners or Department managers, and this exercise needs a lot of cooperation from them. I was wondering if it is possible to make this a much simpler approach. For example, if a particular threat is selected, only the vulnerabilities related to that threat will show up in the Vulnerabilities column, so it is much easier to match rather than scrolling through the whole list. Please advise on making this task simple.

DejanK Jan 12, 2016

Answer: Unfortunately, our Risk assessment table does not offer this kind of automation. However, you should use your common sense when doing this matching - e.g. if a threat is a virus, then the vulnerability can be lack of anti-virus software. If a threat is fire then the vulnerability can be lack of procedures (incident response procedures) or lack of fire suppression systems.

As a general rule, each asset should have 2 to 5 threats, and each threat 2 to 3 vulnerabilities. You really don't have to do more than that in your initial risk assessment.
