
Expert Advice Community

Guest

Question about the risk assessment table

Guest user Created:   Jan 05, 2022 Last commented:   Jan 05, 2022


First of all, I wish you all the best for this new year, to you, the whole Advisera team as well as your loved ones.

Starting this new year with our Risk Assessment Table, I was wondering how detailed it should be. I'm sure that, by thinking about it, I could add and add specific points, but I'll have to stop at a certain point. Any general advice about this?

More concretely, as our ISO 27001 certification is focused on our SaaS platform, we use a lot of different cloud provider resources, like databases, servers, and many different tools. Is it best practice to list them all and find potential threats and vulnerabilities for each one? Two examples:

- We use *** and *** as two separate databases. Should I list both of them, or can I "simply" mention that we use "databases" and find threats and vulnerabilities that are applicable to both of them?
- We use *** and *** as documentation tools (which can include sensitive information). Should I address them separately?

Expert
Rhand Leal Jan 05, 2022

ISO 27001 does not prescribe a level of detail for risk assessment and risk treatment, so organizations are free to define the level of detail they see fit, to give them confidence that they are treating risks properly.

For example, for some organizations naming an asset as a “database” is enough to map all relevant risks, while others find it more useful to define specific assets for different databases because each one has its own specific risks.

Another good example is the asset “laptop”, for which you can list all common risks, and then add assets like “development laptop” and “sales laptop”, for which you identify specific risks related to the activities they are used for.
