People related risks

Answer: Considering ISO 27001, when thinking about people related threats you should consider how people can endanger information security (e.g., espionage, error, identity theft, etc.), and when thinking about people related vulnerabilities you should consider how weaknesses related to people can endanger information security (e.g., lack of training, lack of awareness, unavailability of the person, etc.).

These articles will provide you further explanation about assessing risks:
- Catalogue of threats & vulnerabilities https://advisera.com/27001academy/knowledgebase/threats-vulnerabilities/
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/

These materials will also help you regarding assessing risks:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-risk-management-in-plain-english/
- The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/