Risk Assessments for Early Start up

Guest
Guest user Created:   Aug 06, 2021 Last commented:   Aug 06, 2021


I am putting together our first Risk Assessment. As a small start-up (10 people) with limited assets, I was hoping to put together a simple Risk Assessment with more generic items.


I took these lists from different NIST Standards.  Do you believe this would create a compliant risk assessment:

Asset List: Person, Organization, System, Software, Database, Network, Service, Data, Computing Device, Circuit, Website


Threat Options: Adversarial, Accidental, Structural, Environmental, Vulnerability Options, Information-Related, Technical – Architectural, Technical – Functional, Operational/Environmental

Basically, are these categories too broad to be used in a compliant risk assessment?


Expert
Rhand Leal Aug 06, 2021

ISO 27001 does not prescribe assets and threats to be used for risk assessment, so you should consider assets and threats regarding your own organizational context (e.g., industry, adopted technologies, etc.). Without this kind of information it is not possible to provide a more detailed answer.

What we can say at this moment is that you should avoid using such broad categories, because assets/threats related to them may require different treatment approaches. For example, in software, you can have off-the-shelf software and internally developed software. For the network, you can have firewalls and switches. As for the environment, you may have fire and flood.

Included in your toolkit you have a Risk Assessment Table with lists of assets, threats, and vulnerabilities commonly used in information risk assessment. It is located in folder 05 Risk Assessment and Risk Treatment. Additionally, you have access to a video tutorial that can help you perform risk assessment, using real data as an example.

These articles will provide you a further explanation about risk assessment:
