10.
Business
BS ISO/IEC 17799 * 27001
Natural Disasters (Flood, Lightning, Earthquake, ...)
Technical failures (Communication, Lack of energy, Equipment break-down, ...)
Human Failure (Maintenance errors, User errors, Lack of staff, ...)
Social Problems (Strikes, Terrorism Attack, politics, legislation...)
Acoustic Information (Telephone conversations, in public, in meetings, ...)
Logical Information (electronic records)
Physical Information (Faxes, contracts, reports, manuals, ...)
Visual Information (Video, photos, environment, ...)
Intellectual Information (Knowledge)
11.
A5 Security policy
A6 Organization of Information Security
A7 Asset management
A8 HR security
A9 Physical and Environmental security
A10 Communications and operations management
A11 Access control
A12 Information Systems Acquisition, development and maintenance
A13 Incident Management
A14 Business continuity management
A15 Compliance
13.
Communicate and Consult
Establish the Context
Assess Risks
Identify, Analyse, Evaluate and Control the Risks
Monitor and Review
14.
Risk Assessment
Asset Identification and Valuation
Identification of Vulnerabilities
Identification of Threats
Evaluation of Impacts
Business Risk
Rating/ranking of Risks
Risk Management
Review of Existing Security Controls
Identification of new Security Controls
Policy and Procedures
Implementation and Risk Reduction
Risk Acceptance (Residual Risk)
35. Creative Commons Attribution-NoDerivs 2.0
You are free:
•to copy, distribute, display, and perform this work
•to make commercial use of this work
Under the following conditions:
Attribution. You must give the original author credit.
No Derivative Works. You may not alter, transform, or build upon this work.
For any reuse or distribution, you must make clear to others the license terms of this work.
Any of these conditions can be waived if you get permission from the author.
Your fair use and other rights are in no way affected by the above.
This work is licensed under the Creative Commons Attribution-NoDerivs License. To view a copy of this
license, visit http://creativecommons.org/licenses/by-nd/2.0/ or send a letter to Creative Commons, 559
Nathan Abbott Way, Stanford, California 94305, USA.