Guest
Risk management for email service
I found two diagrams at the link you provided: Diagram_of_6_steps_in_ISO_27001_risk_management_EN and Diagram_of_ISO_27001_risk_assessment_and_treatment_process_EN. In “Diagram_of_ISO_27001_risk_assessment_and_treatment_process_EN”, risk assessment is done based on the asset, where the threat and vulnerability are mentioned in relation to ISMS clauses. Our observations: How can we assess the risk management of any service (for example, an e-mail service) instead of an asset (laptop)? What would be the process?
Expert
Dejan Kosutic
Jun 15, 2019
Answer: The process is similar, in this case:
- Asset: Email service
- Threat: Disruption of service / inability to send and receive emails
- Vulnerability: No alternative provider
- Control: Open account with other email service provider(s) as a backup

- Asset: Email service
- Threat: Disruption of service / inability to access existing emails
- Vulnerability: The data is not backed up
- Control: Use local email client to archive all emails