[ISO 27001 C 4.1](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001_OT%20C%204%20Context%20of%20the%20organization.md#4%201%20Understanding%20the%20organization%20and%20its%20context) requires that "the organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its information security management system."

No form or method is specified, but there are some well-accepted tools for this.

Frequently mentioned are SWOT and PEST analyses (in one of its forms, see [this](https://en.wikipedia.org/wiki/PEST_analysis) Wikipedia page).

## PEST and variants

PEST:
- Political
- Economic
- Social (incl. cultural)
- Technological

PESTLE/PESTEL:
- Legal (ISO C 4.2)
- Environmental

DESTEP:
- Demographic
- Ecological

STEEPLED:
- Ethical