Threat/Vulnerability Catalogue for risk assessment

Brunforg

Registered
Hello

We are looking to do a risk assessment in our company (asset-based) and were wondering if you could share any vulnerability/threat catalogue that would show the types of threats/vulnerabilities to consider.

Do you guys use such a catalogue to make risk assessment easier when conducting consultancy? Or what do you use to make risk assessment easier?

Please help
 

Ragnarok

Involved In Discussions
Hello

I actually meant something like the ISO 27005 threat/vulnerability catalogue, where threats and vulnerabilities were tied to one another and also tied to a specific asset type, like HW, SW, persons, network, etc. Can anyone help with any such guides? It would help us a lot.

Thanks
 

akp060

Involved In Discussions
Hi Brunforg,

Regarding the type of vulnerabilities to be considered, a Cybersecurity Bill of Materials would help. It is essentially the list of all SOFTWARE ITEMS that are likely to get impacted. The types of threat that can impact each of these "list items" would then be easy to identify. I am sure there would not be a catalog. Guess you will have to make your own.

There is one more thread that I observed that may help you:
Medical device vulnerability highlights problem of third-party code in IoT devices
 