An important step in the ISO 27001 risk assessment process is identifying all the potential threats to information security. It is vital to frequently monitor and review your risk environment to detect any emerging threats. Identifying potential threats is a relatively straightforward but time-consuming task.
Identifying threats in risk assessments
You must identify threats that can compromise the confidentiality, integrity, or availability of your in-scope assets.
Threats come in many forms, from data leaks and system malfunctions to natural disasters and even terrorist attacks. Your risk assessor will need to spend significant time considering every plausible threat against each in-scope asset, so that risks capable of causing severe damage are not overlooked, underestimated, or neglected.
10 threats to include within your risk assessment
To help you get started, we’ve identified the top ten threats you should consider in your ISO 27001 risk assessment.
This list is neither comprehensive nor relevant to every organization.
- Social engineering: for example, phishing, which manipulates people into performing actions or divulging confidential information for malicious purposes
- Access to the network by unauthorized persons
- Disclosure of information or passwords
- Malfunction of equipment
- Loss of electricity
- Errors in maintenance
- Theft of hardware
- Destruction of records
- Human or natural disasters: Human disasters are man-made and include sabotage, vandalism, and tampering. Natural disasters include earthquakes, storms, and landslides
- Terrorist attacks
Streamline the process
vsRisk™ risk assessment software helps you streamline and simplify this process because it includes an extensive list of risks already mapped to each asset group.
Created by industry-leading ISO 27001 experts, and fully aligned with ISO 27001, vsRisk helps you deliver fast, accurate, and hassle-free risk assessments year after year.