Risk Management

CISSP Risk Analysis and Mitigation – Bk1D8T3St2P1

This section looks at risk analysis and mitigation through the lens of software security. A risk is the likelihood that a vulnerability will be exploited by a threat agent that compromises or damages an asset with a resulting business impact. Risk analysis is an effort to identify vulnerabilities and their related threats, assess the potential costs of exploitation, and determine appropriate and cost-effective security controls. Risk management concepts have been thoroughly covered in Chapter 1 …

ISO 27001 Annex : A.8 Asset Management

A.8.1 Responsibility for Assets. The objective of this control area is to identify and establish acceptable security responsibilities for the organization's assets. A.8.1.1 Inventory of Assets. Control: assets related to information and the organization's information facilities should be identified and listed, and an inventory of these assets should be maintained. Implementation guidance: an organization should identify the assets that are important across the information lifecycle and document their importance. The lifecycle of information should …

ISO 27001 Clause 10.2 Continual Improvement

Required activity under ISO 27001 Clause 10.2 Continual Improvement: the organization continually improves the suitability, adequacy and effectiveness of the ISMS. Why does an organization need continual improvement? Organizations are never static, and neither are their contexts. In addition, the threats to information systems, and the ways in which they can be compromised, change rapidly. At the end of the day, no ISMS stays perfect; it always needs to be kept on a path of continual improvement; …

Threat Intelligence Informed Risk Management

Threat Intelligence Informed Risk Management is the process of identifying, assessing and responding to risks, and of implementing the activities that control how the organization manages their potential effects. It has a prominent place throughout the security lifecycle and is a continuous and increasingly complex process. The types of risk vary from organization to organization, but preparing a risk management plan is common to all of them. Risk management helps organizations identify critical IT assets and …
