Queries ISO 27001
Hello, I translated some documentation I found from English into Spanish, and there are things I do not understand what they refer to, for example:
Information security risk assessment does not require...
What would not be required in this case: defining the risk acceptance criteria, defining sanctions for non-compliance with information security, identifying the information security risks, or identifying the risk owners?
Taking into account ISO 27001, the following is required for risk assessment:
- Define a risk assessment process (risk identification, risk analysis, and risk evaluation)
- Define risk acceptance criteria
- Define criteria for performing risk assessment
- Identify risk owners
- Retain documented information about the risk assessment process
Considering that, from your examples, defining sanctions for non-compliance in information security is not required.
For further information, see:
- 6 main steps in risk management https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/
- Risk assessment methodology https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#section3
- Risk assessment https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment
Apr 24, 2023