
An Overview of Risk Assessment According to ISO 27001 and ISO 27005

This webinar provides the essential knowledge for performing a risk assessment based on ISO 27005 and explains how it relates to ISO 27001.

Main points covered:
• The process of risk management – from Risk assessment methodology to Risk Treatment plan
• Risk identification – assets, threats and vulnerabilities
• Risk analysis – how to assess impact and likelihood

Presenter:
This webinar was presented by Dejan Kosutic, the main ISO 27001 expert at Advisera. He has extensive working experience both as a tutor and as a consultant. He is an Approved Tutor for ISMS Lead Auditor courses, and delivers various ISO 27001 in-person courses throughout Europe as well as online courses via webinars. In his consulting career, he works with clients from the financial sector, government, and small and medium-sized businesses including IT companies.

Link to the recorded session published on YouTube: https://youtu.be/dbQqRvDHIbc

An Overview of Risk Assessment According to ISO 27001 and ISO 27005

  1. An overview of risk assessment according to ISO 27001 and ISO 27005. Presenter: Dejan Kosutic
  2. Dejan Kosutic, ISO 27001 Expert at Advisera. Dejan Kosutic is the main ISO 27001 expert at Advisera. He has extensive working experience both as a tutor and as a consultant – he is an Approved Tutor for ISMS Lead Auditor courses, and delivers various ISO 27001 in-person courses throughout Europe as well as online courses via webinars. In his consulting career, he works with clients from the financial sector, government, and small and medium-sized businesses including IT companies. Contact: +1 (646) 759 9933, dejan@advisera.com, www.advisera.com, hr.linkedin.com/in/dejankosutic, Dejan_Kosutic
  3. ©2016 27001Academy www.advisera.com/27001academy – Which are the basic steps in ISO 27001 risk assessment and treatment? If you’re planning to start the risk assessment… to succeed, you need to understand the significance of risk management, and learn what is acceptable according to the standard.
  4. Risk management is the critical first step in ISO 27001 implementation – it determines everything that happens afterward.
  5. Agenda
     • Why risk management?
     • The process of risk management
     • Elements of risk assessment
     • Identification of assets
     • Threats and vulnerabilities
     • Impact and likelihood
  6. Why risk management?
     • Information security management (ISO 27001)
     • Measurement (ISO 27004)
     • Safeguards (ISO 27002)
     • Risk management (ISO 27005)
  7. The process of risk management… (diagram labels)
     • Analyze and assess
     • Mandatory procedures
     • Risk assessment methodology
     • Risk assessment
     • Risk treatment
  8. …The process of risk management (diagram labels)
     • Mandatory procedures
     • Statement of Applicability
     • Risk treatment plan
  9. Elements of risk assessment
     • Risk identification: Asset, Threat, Vulnerability
     • Risk analysis: Impact, Likelihood
     • Risk = Impact x Likelihood (or) Risk = Impact + Likelihood
     • Risk owner
  10. Assets – What do we protect?
     • Examples: Hardware; Software; Information (electronic, paper etc.); Infrastructure; People!; etc.
     • Identification of asset owners
  11. Threats – What can happen? Examples:
     • Fire
     • Earthquake
     • Computer viruses
     • Bomb threat
     • Equipment malfunction
     • Key people leaving the company
  12. Vulnerabilities – Why can that happen? Examples:
     • Lack of fire-extinguishing system
     • Lack of business continuity plans
     • Lack of anti-virus software
     • Lack of incident response procedures
     • Obsolete equipment
     • Lack of replacement
  13. Impact and likelihood
     • Example of assessment scale: High / Medium / Low
     • Or: 1 to 5, or 1 to 10
  14. Example of Risk assessment table

     | Asset                | Owner             | Threat                         | Vulnerability                   | Impact (1-5) | Likelihood (1-5) | Risk (=I+L) |
     |----------------------|-------------------|--------------------------------|---------------------------------|--------------|------------------|-------------|
     | Server               | Admin.            | Electricity outage             | No UPS                          | 4            | 2                | 6           |
     | Server               | Admin.            | Fire                           | No fire extinguisher            | 5            | 3                | 8           |
     | Contract             | Managing director | Access by unauthorized persons | The contract is left on a table | 4            | 4                | 8           |
     | Contract             | Managing director | Fire                           | No fire protection              | 4            | 3                | 7           |
     | System administrator | Department head   | Accident                       | No-one else knows the passwords | 5            | 3                | 8           |

  15. Conclusion: Don’t skip the risk assessment – without this kind of analysis your information security will be full of holes!
  16. www.advisera.com/27001academy/ – Thank you!
  17. Questions? Thank you. +1 (646) 759 9933, dejan@advisera.com, www.advisera.com, linkedin.com/in/dejankosutic, Dejan_Kosutic
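The following Python script is an added worked example, not part of the webinar or of Advisera's material. It models the risk assessment elements from slide 9 (asset, threat, vulnerability, impact, likelihood, risk owner), recomputes the slide 14 table with both formulas the webinar mentions (Risk = Impact + Likelihood and Risk = Impact x Likelihood), rejects ratings outside the 1-5 scale of slide 13, and selects the risks that would go into a risk treatment plan. The acceptable-risk threshold of 7 is an assumption chosen for illustration; the webinar does not state one.

```python
from dataclasses import dataclass
from typing import Callable, Iterable

# Assessment scale from slide 13: impact and likelihood each rated 1 to 5.
SCALE_MIN, SCALE_MAX = 1, 5
# Assumed acceptable-risk level for this example (the webinar does not state one):
# any risk scoring at or above it goes into the risk treatment plan.
ACCEPTABLE_RISK_THRESHOLD = 7

Formula = Callable[[int, int], int]


def additive(impact: int, likelihood: int) -> int:
    """Risk = Impact + Likelihood, the formula used in the slide 14 table."""
    return impact + likelihood


def multiplicative(impact: int, likelihood: int) -> int:
    """Risk = Impact x Likelihood, the alternative formula given on slide 9."""
    return impact * likelihood


@dataclass(frozen=True)
class Risk:
    """One row of the risk assessment table: the elements from slide 9."""
    asset: str          # what we protect (slide 10)
    owner: str          # risk owner
    threat: str         # what can happen (slide 11)
    vulnerability: str  # why it can happen (slide 12)
    impact: int
    likelihood: int

    def __post_init__(self) -> None:
        # Reject ratings outside the chosen scale so a typo cannot silently
        # inflate or hide a risk.
        for name, value in (("impact", self.impact), ("likelihood", self.likelihood)):
            if not SCALE_MIN <= value <= SCALE_MAX:
                raise ValueError(f"{name}={value} is outside the {SCALE_MIN}-{SCALE_MAX} scale")

    def score(self, formula: Formula = additive) -> int:
        return formula(self.impact, self.likelihood)


def needs_treatment(risks: Iterable[Risk], threshold: int = ACCEPTABLE_RISK_THRESHOLD,
                    formula: Formula = additive) -> list[Risk]:
    """Risks at or above the acceptable level, highest first (ties keep table order)."""
    return sorted((r for r in risks if r.score(formula) >= threshold),
                  key=lambda r: r.score(formula), reverse=True)


def highest_risk_per_owner(risks: Iterable[Risk], formula: Formula = additive) -> dict[str, int]:
    """Highest score each risk owner is accountable for, e.g. to brief owners on their exposure."""
    worst: dict[str, int] = {}
    for r in risks:
        worst[r.owner] = max(worst.get(r.owner, 0), r.score(formula))
    return worst


# Rows transcribed from the example table on slide 14.
REGISTER = [
    Risk("Server", "Admin.", "Electricity outage", "No UPS", 4, 2),
    Risk("Server", "Admin.", "Fire", "No fire extinguisher", 5, 3),
    Risk("Contract", "Managing director", "Access by unauthorized persons",
         "The contract is left on a table", 4, 4),
    Risk("Contract", "Managing director", "Fire", "No fire protection", 4, 3),
    Risk("System administrator", "Department head", "Accident",
         "No-one else knows the passwords", 5, 3),
]


def print_register(risks: Iterable[Risk], formula: Formula = additive) -> None:
    """Print the table with the score recomputed by the chosen formula."""
    for r in risks:
        print(f"{r.asset:<22}{r.threat:<32}{r.impact:>3}{r.likelihood:>3}{r.score(formula):>5}")


if __name__ == "__main__":
    print_register(REGISTER)
    print("Needs treatment:", [(r.asset, r.threat) for r in needs_treatment(REGISTER)])
    print("Per owner:", highest_risk_per_owner(REGISTER))
```

Switching `formula` to `multiplicative` shows why the methodology must fix the formula and the acceptance level together: the same table yields scores of 8 to 16 instead of 6 to 8, so a threshold chosen for one formula is meaningless for the other.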
