Hello, I am currently required to carry out an information security risk assessment using the ISO 27005 standard for the Equifax data breach that occurred in 2015 (The Equifax Breach: What You Should Know — Krebs on Security).
As far as I am aware, the risk assessment process is generally divided into three sections: first risk identification, followed by risk analysis and lastly risk evaluation.
I am currently working on the risk identification section and would appreciate any assistance on methods or techniques I can use to identify suitable assets, threats, vulnerabilities and controls.
Thanks in advance!
*Edit:- Just wanted to make it clear that I'm not asking for the actual assets, threats, vulnerabilities or controls but rather ways of finding them.