riskhantering (en)

Alla Inga Spara

• 7.1. General considerations Input: Organizational context, business strategy, stakeholders | Output: Overall risk management guidelines | Implementation: Identify business objectives, security and legal requirements
• 8.1. General description of information security risk assessment Input: Organizational context, risk management policy, available resources | Output: Risk assessment process, prioritized risks | Implementation: Define goals and scope, establish a risk assessment framework, conduct and document risk assessment
• 8.2.2. Identification of assets Input: Organizational context, process descriptions, information flows | Output: Identified assets and their value | Implementation: Map and categorize assets, asses their value and criticality
• 8.2.3. Identification of threats Input: Assets, information flows, threat intelligence | Output: Identified threats to the assets | Implementation: Perform threat analysis, utilize threat catalogs or industry-specific threat lists
• 8.2.4. Identification of existing security controls Input: Assets, documentation of security controls | Output: Identified existing security controls | Implementation: Conduct a review of existing security controls and identify their effectiveness
• 8.2.5. Identification of vulnerabilities Input: Assets, vulnerability information | Output: Identified vulnerabilities | Implementation: Analyze assets and identify vulnerabilities using internal and external resources
• 8.2.6. Identification of impacts Input: Assets, threat information, vulnerability information | Output: Identified impacts of an incident | Implementation: Assess the effects of threats and vulnerabilities on assets and the overall business

Alla Inga Spara