Assets, Vulnerabilities, Threats, Risks
See also slide decks made for workshop sessions. Those for Kaliber, Nedap and Networking4AL are the most recent.
See also Risk appetite and Classificatie van risico's obv Oorzaken.
Definitions
A weakness is a deficiency in controls such that reasonable threats are likely not to be prevented or detected in a timely manner; this directly or indirectly undermines assurance that the organization can adhere to its stated risk tolerance.
A risk is a situation where someone or something valued is exposed to danger, harm or loss.
A threat is a person or thing likely to cause damage or danger.
An incident is an occurrence that actually or potentially jeopardizes the Confidentiality, Integrity, Availability or Safety (CIAS) of a system, application, service or the data that it processes, stores and/or transmits.
Material risks
A weakness, risk, threat or incident is considered 'material' if the potential financial impact exceeds one of the following thresholds[^1]:
- ≥ 5% of pre-tax profit;
- ≥ 5% of revenue;
- ≥ 1% of total equity; and/or
- ≥ 0.5% of total assets.
The official ISO definition of risk is "the effect of uncertainty on objectives," meaning any circumstance, event, or issue that could impede or alter the achievement of an organization's goals, whether those effects are positive or negative deviations from what was expected. This definition is used within key standards like ISO 31000, ISO 27001, and ISO 9001, emphasizing that risk encompasses any factor that threatens or impacts an organization's ability to reach its intended outcomes.
[^1]: SEC, Generally Accepted Accounting Principles (GAAP) and International Financial Reporting Standards (IFRS).