Expert Advice Community

Home / ISO 27001 & 22301 / Threats vs vulnerabilities

Guest

Threats vs vulnerabilities

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   Oct 20, 2016 Last commented:   Oct 20, 2016

Threats vs vulnerabilities

ISO 27001 & 22301
I am working with a project team to develop a Risk Assessment table for my company. Something I am struggling with is how to define threats, how to define vulnerabilities, and how to tell the difference. Can you provide any guidance on these questions?
0 0

Assign topic to the user

ISO 27001 RISK ASSESSMENT TABLE

Implement risk register using catalogues of vulnerabilities and threats.

ISO 27001 RISK ASSESSMENT TABLE

Implement risk register using catalogues of vulnerabilities and threats.
Expert
Dejan Kosutic Oct 20, 2016

Answer: Threat is something that can damage the confidentiality, integrity or availability of your information; vulnerability is a state of your assets, your systems, your organization, etc. that allows this threat to materialize. E.g. threat is malware, while lack of anti-virus software is a vulnerability.

You'll find more help here: ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/

This Catalogue of threats and vulnerabilities will also help you: https://advisera.com/27001academy/knowledgebase/threats-vulnerabilities/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Oct 20, 2016

Oct 20, 2016

Suggested Topics
brianhopla Created:   Sep 19, 2017 ISO 27001 & 22301
Replies: 2
0 0

ISO27005 Threats & Vulnerabilities
Guest user Created:   Aug 24, 2017 ISO 27001 & 22301
Replies: 1
0 0

Identifying threats and vulnerabilities
Guest user Created:   May 27, 2017 ISO 27001 & 22301
Replies: 1
0 0

People related threats and vulnerabilities