Expert Advice Community

Software assessment

Guest user. Created: May 25, 2019. Last commented: May 25, 2019

We maintain an approved software list for PCs in the network, and when any user requests unapproved software, a risk assessment is done for it before it gets installed. What are the key things that must be looked into when doing a risk assessment for standalone software which is an open source product or developed by a private company?
Expert
Rhand Leal May 25, 2019

Answer:

Points to be considered are:
- Business needs
- License type (even for open source software)
- Known vulnerabilities (you can search on the NIST vulnerability database)
- Software reputation on market
- Existence of periodic release of security patches
- Software privacy policy

This article can provide further information about risk assessment:

- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
