Risk Assessment
As part of our Risk Assessment, I am using your tool kit. Is there a document or template that explains what threats and vulnerabilities are associated with what assets?
What should I choose from your list of threats and vulnerabilities for ***, which is cloud software?
Assign topic to the user
To see examples of associated assets, threats, and vulnerabilities, please see:
- Checklist of cyber threats & safeguards when working from home https://info.advisera.com/27001academy/free-download/checklist-of-cyber-threats-and-safeguards-when-working-from-home
- Diagram of ISO 27001:2013 Risk Assessment and Treatment process https://info.advisera.com/27001academy/free-download/diagram-of-iso-270012013-risk-assessment-and-treatment-process
Regarding what you should choose from our list of threats and vulnerabilities, the best approach is to ask the people who work depending on this cloud software what their biggest concerns are, because from that you can identify which assets, threats, and vulnerabilities to consider.
For example, if they are concerned with losing data, then the assets where data is stored must be considered, as well as threats and vulnerabilities that can impact these assets vulnerabilities.
For further information, see:
- Risk assessment https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment
Comment as guest or Sign in
Oct 28, 2022