Threat analysis
Answer: You are correct in your thinking that the server room should be analysed in the context of the server, and that threats which impact the server will also affect the server room (after all, the server room is a protection for the server), but you should note that impacts may be different for the server and the server room, resulting in different control measures. For example, pollution applied to a server affects only the server, while pollution applied to a server room affects all the servers in the room, as well as other equipment and assets inside the room (e.g., network devices, UPSs, etc.). To mitigate pollution impacts you may define a maintenance plan for both servers and server room, but the details of each plan will be completely different.
This article will provide you further explanation about threat analysis:
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
These materials will also help you regarding threat analysis:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Dec 14, 2016