Expert Advice Community

Risk assessment

Guest user Created:   Nov 08, 2018 Last commented:   Nov 08, 2018

I have a couple of questions about the risk assessment:

Expert
Rhand Leal Nov 08, 2018

1. We are a small company, and the CIO (me) will be the risk owner for all assets. Is that a problem?

Answer: ISO 27001 does not define who must be the risk owner, so a single person can be the owner of all risks. The choice of the risk owner should consider the capability to make decisions about treating the risks, and that the number of risks does not become too large to manage.

For more information, see: Risk owners vs. asset owners in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/

2. Do I also have to include the private phones of our employees (their mailbox and an app for two-factor authentication are configured on them)?

Answer: If the organization allows employees to use their own devices to access information included in the ISMS scope, then these personal devices should be included in the risk assessment.

For more information, see: How to write an easy-to-use BYOD policy compliant with ISO 27001 https://advisera.com/27001academy/blog/2015/09/07/how-to-write-an-easy-to-use-byod-policy-compliant-with-iso-27001/

3. Do I also have to include the private PC or laptop that they use at home to connect via VPN to an online workplace where they can work from home?

Answer: As in the previous answer, if the organization allows employees to use their own devices to access information included in the ISMS scope, then these personal devices should be included in the risk assessment.

For more information, see: How to apply information security controls in teleworking according to ISO 27001 https://advisera.com/27001academy/blog/2021/10/27/how-to-use-iso-27001-to-secure-data-when-working-remotely/
