Would you please send me the threats, divided into groups based on their nature, with an example of each?
Answer:
I can give you some examples, which are based on ISO 27005 (code of best practices about information security risk management):
- Physical damage: Fire, water damage (due to flood), etc
- Natural events: Seismic phenomenon, volcanic phenomenon, etc
- Loss of essential services: Loss of power supply, failure of telecommunication equipment, etc.
- Compromise of information: Remote spying (a computer has been hacked), disclosure (the database of the organization published), theft of equipment, etc
- Technical failures: Equipment failure (the equipment cannot run due to hard drive fault), software malfunction (Windows cannot start), etc
- Unauthorized actions: Corruption of data (information in the database is modified without authorization), fraudulent copying of software (Windows without licenses), etc.
- Compromise of functions: Error in use (you forget to perform a backup), abuse of rights (someone without authorization performs actions as administrator), etc.
Anyway, here you can see our catalogue of threats & vulnerabilities, which I think could be interesting for you: “Catalogue of threats & vulnerabilities”: https://advisera.com/27001academy/knowledgebase/threats-vulnerabilities/
Finally, our online course about ISO 27001:2013 foundations, which contains a detailed explanation of the risk assessment, may also be interesting for you: “ISO 27001:2013 Foundations Course”: https://advisera.com/training/iso-27001-foundations-course/
Jan 03, 2016