SOP for threats and vulnerability assessment
Assign topic to the user
ISO 27001 RISK ASSESSMENT AND RISK TREATMENT METHODOLOGY
Define main rules for risk assessment and treatment.
Get it now 
ISO 27001 RISK ASSESSMENT AND RISK TREATMENT METHODOLOGY
Define main rules for risk assessment and treatment.
Get it now
ISO 27001 RISK ASSESSMENT AND RISK TREATMENT METHODOLOGY
Define main rules for risk assessment and treatment.
Get it now
Answer: In ISO 27001 implementation, the procedure for implementing threats and vulnerabilities assessment (together with the rest of risk assessment) is usually written in the Risk assessment methodology - you can see a sample here: https://advisera.com/27001academy/documentation/Risk-Assessment-and-Risk-Treatment-Methodology/
You'll find these articles also useful:
- How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
Comment as guest or Sign in
Nov 07, 2016