Information Security Risk Management for ISO27001/ISO27002 by Steve Watkins, Alan Calder

CHAPTER 9: THREATS AND VULNERABILITIES

The second step in the ISO27001 risk assessment process is to identify the threats to the identified assets. The third step is to identify the vulnerabilities those threats might exploit. Threats and vulnerabilities go together and, for that reason, we are addressing them together in this chapter.

The difference between ‘threats’ and ‘vulnerabilities’ is not always immediately clear to people new to the subject and, as a risk assessment process is implemented within an organisation, it will not be immediately clear to everyone involved in it. It is very important to always differentiate clearly between these two attributes of a risk, because the existence of the risk itself is dependent on the co-existence ...
