One Article Review

The article:
Source NoticeBored
Identifier 5350915
Publication date 2022-06-24 13:40:08 (seen: 2022-06-24 02:06:21)
Title The sadly neglected Risk Treatment Plan
Text For some curious reason, the Statement of Applicability steals the limelight in the ISO27k world, despite being little more than a formality. Having recently blogged about the dreaded SoA, 'nuff said on that. Today I'm picking up on the SoA's shy little brother, the Risk Treatment Plan. There's a lot to say and think about here, so coffee-up, settle-down, sit forward and zone-in. ISO/IEC 27001 barely even acknowledges the RTP. Here are the first two mentions, tucked discreetly under clause 6.1.3:
Sent Yes
Tags Threat Guideline
Stories APT 19 APT 10
Rating ★★★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.