THREAT « The InfoSec Blog

Information Gathering and Risk Assessment

Posted by Anton Aylward

On the ISO2700 forum one user gave a long description of his information gathering process but expressed frustration over what to do with it all all, the assets, the threats and so forth, and trying to make it into a risk assessment.

It was easy for the more experienced of us to see what he was missing.

He was missing something very important -- a RISK MODEL
The model determines what you look for and how it is relevant.

Tagged as: Classical Equation, controls, ISO/IEC 27000, ISO/IEC 27001, ISO27K, Mehari, METHODS, MODEL, NIST, RA, Risk analysis, Risk assessment, Risk Management, Risk Management Plan, SCOPE, SoA, THREAT, Tree_of_life Religion_and_mythology Continue reading

Availability

I am currently available to offer InfoSec & GRC audit and consulting services through my company - System Integrity

M	T	W	T	F	S	S
« Nov
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31

Information Gathering and Risk Assessment

Posted by Anton Aylward

Availability

Popular Pages

Categories

Archives

Calendar of Posts

Meta

Security Links