SPRING DISCOUNT
Get 30% off on toolkits, course exams, and Conformio yearly plans.
Limited-time offer – ends April 25, 2024
Use promo code:
SPRING30

Expert Advice Community

Home / ISO 27001 & 22301 / Vulnerabilities identification

Guest

Vulnerabilities identification

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   Aug 25, 2017 Last commented:   Aug 25, 2017

Vulnerabilities identification

ISO 27001 & 22301
I would also like to know when talking about the vulnerabilities that I shall be considering for the risk assessment for my system/organisation, should that be what I got from Vulnerability Assessment(VA) using tools like Nessus or find vulnerabilities by manual efforts & if not then what should the perfect source be?
0 0

Assign topic to the user

ISO 27001 RISK ASSESSMENT AND TREATMENT REPORT

Document the results of the risk management process.

ISO 27001 RISK ASSESSMENT AND TREATMENT REPORT

Document the results of the risk management process.
Expert
Rhand Leal Aug 25, 2017

Answer: In fact, the best approach is to consider every information source you can access (Nessus's reports, manual reviews, market trends, etc.), because each one of them better fits for different situations. For example, Nessus is perfect to find vulnerabilities that are known and which evaluation procedures can be automated, but it is not good for scenario and context evaluation, something we humans still are best doing it. Market trends can help you figure out vulnerabilities that in principle may be out of your day to day activities.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Aug 25, 2017

Aug 25, 2017

Suggested Topics
Guest user Created:   Feb 20, 2023 ISO 27001 & 22301
Replies: 1
0 0

Risk Assessment Question
Guest user Created:   Dec 21, 2016 ISO 27001 & 22301
Replies: 1
0 0

Risk assessment and treatment process
Guest user Created:   Sep 05, 2016 ISO 27001 & 22301
Replies: 1
0 0

How to identify assets