2. Identify risks Analyse risks



Date: 04.06.2022


An ISO 27001 risk assessment helps organisations identify, analyse and evaluate weaknesses in their information security processes.
1. Establish a risk management framework

2. Identify risks

3. Analyse risks 

4. Evaluate risks

5. Select risk treatment options


One of the key elements is defining the conditions under which a risk assessment is performed – e.g. annually and whenever there is a significant change.


This includes how you will identify risks; who you assign risk ownership to; how the risks affect the confidentiality, integrity and availability of the information; and the method of calculating the estimated damage of each scenario and the likelihood of it occurring. 
A formal risk assessment methodology needs to address several issues: 

  • Your organisation’s core security requirements 

  • Risk scale 

  • Risk appetite 

  • Methodology: scenario- or asset-based risk assessment 

Identifying the risks that can affect the confidentiality, integrity and availability of information is the most time-consuming part of the risk assessment process.

We recommend following an asset-based approach. Developing a list of information assets is a good place to start, but if your organisation has an existing list, most of the work will already be done.

You must identify the threats and vulnerabilities that apply to each asset. For example, if the threat is ‘theft of mobile device’, the vulnerability might be ‘a lack of formal policy for mobile devices’.


