Risk Assessment based on CIA

Risk Assessment based on CIA
C: Confidentiality - property that information is not made available or disclosed to unauthorised individuals, entities, or processes
I: Integrity - property of accuracy and completeness
A: Availability - property of being accessible and usable upon demand by an authorised entity
(Courtesy: ISO 27000)
CIA approach is based on Risk Scenario. There are three building blocks to prepare Rick Scenario:
i. Asset
ii. Threat
iii. Vulnerability 
Threat and vulnerabilities has been mentioned in ISO 27005:2011 in Annex C and D
Risk Score:
a) CIA to be identified by each asset by consensus among the team (C,I,A can be Low = 0, Medium = 1, High = 2)
b) Each vulnerabilities are scored corresponding to each asset (Very Low =0, Low=1, Medium=2, High =3) 
c) Threat against each vulnerabilities on the likelihood of occurrence (Rare = 0, Annual = 1, Monthly = 2, Weekly = 3)
After associating vulnerability and threats with assets, the risk score can be reach at by adding CIA value and then adding it with vulnerability and threat value.
Risk Treatment Options:
Accept, Avoid, Reduce, Transfer
The risks which one wants to reduce are included in Risk Treatment Plan and controls are implemented as per ISO 27001:2013.

Comments

Post a Comment

Popular posts from this blog

Take your business to a new level with business consulting services

Managing a business is always a difficult thing, and business owners often struggle with it. Small business owners and entrepreneurs, mostly face the challenge of small business process management. Managing a business is not only restricted to decision making, small business owners have to do a lot of work to uplift their business venture. As a result, they often find themselves in a hectic schedule. Undergoing hectic schedule keeps the business owners at a distance from planning important business strategies for the future. In order to give stability to your business in the future, and to make your business more target driven, you should opt for the professional business consulting services. Here in the following section, we shall discuss about hiring competent and professional business consultants. Even a few years earlier, business consultancy was considered as useless expenses. But, now the scenario has changed a lot. Businesses are getting built upon ideas, technologies and
Read more

Productive and Appraisal Solution for Software Development Industries

The software development industry has been regarded by economic experts as one of the fastest growing industries in recent times. This is why the competition in this industry could be rightly considered as fierce. Surviving in this industry simply means you are leaving nothing to chance. As a result of this fierce competition, companies are resulting in the use of a various innovative approach that will help them in outsmarting their competitors in the marketplace. This is the ongoing trend in the world and India is not an exception. Software companies in this location are now adopting the Capability Maturity Model Integrated (CMMI) as a means of optimizing their processes. Are you in Pune or in Delhi, and are you looking for reliable firms that provide consulting services in this regards? Or maybe you are in Bangalore and you are having a difficult time locating a company that is into conducting appraisal for this very certification? Or maybe you live in Chennai and you just d
Read more

What is ISO 27001?

ISO 27001 is a standard which helps organizations manage information security. It was published by International Standardization Organization (ISO). The latest revised version is ISO 27001:2013. First version was published in 2005. This standard was developed on British Standards BS 7799-2. Which type of organizations can get certified for ISO 27001? ISO 27001 can be implemented in any kind of organization, profit or non-profit, private or state-owned, small or large. ISO 27001 establishes framework for the implementation of information security management in an organization. Organizations can also get certified for ISO 27001. The independent certification bodies perform the audit and upon compliance with the standard, it issues the certificate to organizations. What are the benefits of ISO 27001?             New client acquisition and retention of old clients            Avoid losses and penalties for data breaches           Comply with business, legal and reg
Read more