3.2.1.1 Cyber Security Risk Identification
| No: 381000091275 | Date(g): 24/5/2017 | Date(h): 28/8/1438 | Status: In-Force |
Effective from May 24 2017 - May 23 2017
To view other versions open the versions tab on the right
Principle
Cyber security risk identification should be performed and should include the Member Organization's relevant assets, threats, existing controls and vulnerabilities.
Objective
To find, recognize and describe the Member Organization's cyber security risks.
Control considerations
| 1. | Cyber security risk identification should be performed. |
| 2. | Identified cyber security risks should be documented (in a central register). |
| 3. | Cyber security risk identification should address relevant information assets, threats, vulnerabilities and the key existing cyber security controls. |