
Toolkit content

Guest user Created:   Jan 25, 2022 Last commented:   Jan 25, 2022

We did a free version of Conformio and we decided to buy the toolkit. We are currently working our way through the documentation, and we are busy with the Risk Register. Please see attached diagram that was found on your website. I was under the impression we would be given these types of resources for each asset. Is it not a part of the toolbox?
Expert
Rhand Leal Jan 25, 2022

I’m assuming you are referring to the content of the documentation toolkit.

Considering that, please note that the Risk Assessment Table included in the ISO 27001 toolkit contains separate tabs listing examples of assets, threats and vulnerabilities to be used to fill in the Risk Assessment Table (in the cells of each specific column you can choose an item from a list). The only difference from the Conformio platform is that Conformio automatically suggests threats and vulnerabilities, while such functionality does not exist in the Excel sheet from the toolkit.

For further information, see:
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/

In case you are referring to Conformio, please note that the content of the paper “Diagram of ISO 27001 Risk Assessment and Treatment Process” is a visual presentation of how risk assessment and treatment is performed through the Conformio Risk Register module. You have the same resources available in the Risk Register. It’s only not shown in a graphical format.

For each risk entry you perform the exact same steps:
- when you choose an asset, a set of related vulnerabilities is presented
- for each chosen vulnerability, a set of threats is presented
- when impact and likelihood are defined, for those risks calculated as unacceptable, there will be presented suggested controls to treat them.

When you access the Risk Register, there is a video presenting how to perform risk assessment and treatment in Conformio.
