Performing Security Risk Analysis

Guest user Created:   Jun 02, 2020 Last commented:   Jun 02, 2020

I just have a question on performing Security Risk Analysis. Is doing a security audit and VAPT another way of security risk analysis?

Expert
Rhand Leal Jun 02, 2020

I'm assuming that by VAPT you mean "Vulnerability Assessment & Penetration Test".

Considering that, first it is important to note that the purpose of risk analysis is to evaluate the risk, quantitatively or qualitatively, that a security audit is used to find out if security is being performed as planned, or if the results achieved are those expected, and that VAPT is used to find out if there are vulnerabilities in your environment that could be exploited.

All of this considered, security audit and VAPT cannot be used for risk analysis, but they can be used for risk identification because their results can point out situations where information can be compromised (i.e., risks).

These articles will provide you a further explanation about the risk assessment process:

These materials will also help you regarding risk assessment:
