

Risk Assessments in Conformio

Guest user. Created: Feb 15, 2022. Last commented: Feb 15, 2022.


1. Can assets be put in a hierarchy, so that filing cabinets can be seen as part of an office building, or a firewall as part of a server? I think this would have benefits for overview and for determining assets potentially affected by incidents related to other assets below or above in the hierarchy. I'm not sure whether this makes sense from a Risk Management perspective.

2. I see the same vulnerabilities for different assets, like inadequate change control for laws, regulations, etc., but also for policies, procedures and work instructions. Is there a way to optimize this and to reduce the number of vulnerabilities?


Expert
Rhand Leal Feb 15, 2022

1. Can assets be put in a hierarchy, so that filing cabinets can be seen as part of an office building, or a firewall as part of a server? I think this would have benefits for overview and for determining assets potentially affected by incidents related to other assets below or above in the hierarchy. I'm not sure whether this makes sense from a Risk Management perspective.

While this functionality would be interesting, it is not currently available in Conformio because it is not required by the standard (even the guidelines from ISO 27002 for ISO 27001 Annex A control A.8.1.1 Inventory of assets do not mention this), and building such a hierarchy would mean a whole module by itself (it is a whole discipline of ITIL and ISO 20000 - Service Asset and Configuration Management).

For further information, see:

2. I see the same vulnerabilities for different assets, like inadequate change control for laws, regulations, etc., but also for policies, procedures and work instructions. Is there a way to optimize this and to reduce the number of vulnerabilities?

Please note that a single vulnerability may impact different assets, as in the example you provided, but it is not mandatory to associate that vulnerability with all listed assets. These relations are only suggestions provided to help you perform risk assessment, so you can decide not to select the vulnerability for some assets.

For further information, see:
