SPRING DISCOUNT
Get 30% off on toolkits, course exams, and Conformio yearly plans.
Limited-time offer – ends April 25, 2024
Use promo code:
SPRING30

Expert Advice Community

Home / ISO 27001 & 22301 / Weakness, event and incident

Guest

Weakness, event and incident

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

Weakness, event and incident

ISO 27001 & 22301
0 0

Assign topic to the user

ISO 27001 INCIDENT MANAGEMENT PROCEDURE

The basics of detection and response to security incidents.

ISO 27001 INCIDENT MANAGEMENT PROCEDURE

The basics of detection and response to security incidents.
Guest
AntonioS Jan 12, 2016

Kindly enlighten me with what is the difference between IS weakness, event and incident? 
In my opinion, weakness can be an event if it is exploited. And an event can be an incident if it endangers the CIA of organization's information asset.
 

Answer:

Ok, you are right. In accordance with ISO 27000:2012, a vulnerability "is a weakness of an asset or control that can be exploited by one or more threats”, and an event “is an occurrence or change of a particular set of circumstances” and “An event can sometimes be referred to as an ‘incident’ or ‘accident’ “. So, an incident can be an event.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2016

Jan 12, 2016

Suggested Topics
Guest user Created:   Jul 20, 2020 ISO 27001 & 22301
Replies: 1
0 0

Questions on security incident and clause 4
Guest user Created:   Jun 14, 2023 ISO 27001 & 22301
Replies: 3
0 0

No budget to implement control A.8.12 Data Leak Prevention