Expert Advice Community

Home / ISO 27001 & 22301 / Threats vs vulnerabilities

Guest

Threats vs vulnerabilities

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   Oct 20, 2016 Last commented:   Oct 20, 2016

Threats vs vulnerabilities

ISO 27001 & 22301
I am working with a project team to develop a Risk Assessment table for my company. Something I am struggling with is how to define threats, how to define vulnerabilities, and how to tell the difference. Can you provide any guidance on these questions?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.
Expert
Dejan Kosutic Oct 20, 2016

Answer: Threat is something that can damage the confidentiality, integrity or availability of your information; vulnerability is a state of your assets, your systems, your organization, etc. that allows this threat to materialize. E.g. threat is malware, while lack of anti-virus software is a vulnerability.

You'll find more help here: ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/

This Catalogue of threats and vulnerabilities will also help you: https://advisera.com/27001academy/knowledgebase/threats-vulnerabilities/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Oct 20, 2016

Oct 20, 2016

Suggested Topics
brianhopla Created:   Sep 19, 2017 ISO 27001 & 22301
Replies: 2
0 0

ISO27005 Threats & Vulnerabilities
Guest user Created:   Aug 24, 2017 ISO 27001 & 22301
Replies: 1
0 0

Identifying threats and vulnerabilities
Guest user Created:   May 27, 2017 ISO 27001 & 22301
Replies: 1
0 0

People related threats and vulnerabilities