Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Standard view
Full view
of .
Look up keyword
Like this
0 of .
Results for:
No results containing your search query
P. 1
ISO27k FMEA Spreadsheet

ISO27k FMEA Spreadsheet



|Views: 1,031|Likes:
Published by vishnukesarwani

More info:

Published by: vishnukesarwani on Oct 31, 2008
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as XLS, PDF, TXT or read online from Scribd
See more
See less





Introduction and acknowledgementContents
The FMEA Sample tab has the actual illustration - an analysis of possible failure modes for a firewall.The Guidelines provide additional notes on the FMEA method, including a step-by-step process outline.The Severity, Probability and Detectability tabs have tables demonstrating scales commonly used to rank risks by these criteri
An illustration of the application of Failure Mo(FMEA) techniques to the analysis of infor 
The original version of this spreadsheet was kindly provided to the ISO27k Implementers' Forum by Bala Ramanan to demsecurity risks. Subsequently, Bala kindly agreed to donate it to the ISO27k Toolkit. Apart from minor updates and reformattinThis work is copyright © 2008, ISO27k implementers' forum, some rights reserved. It is licensed under the Creative Comwelcome to reproduce, circulate, use and create derivative works from this
that (a) it is not sold or incorporated iImplementers’ Forum at www.ISO27001security.com, and (c) derivative works are shared under the same terms as this.Risk analysis is more art than science. Don't be fooled by the numbers and formulae: the results are heavily influenced by tof information assets and on the framing of risks being considered. For these reasons, the process is best conducted byassessing and managing information security risks, and (b) the organization, its internal and external situation with respectanyone. It is impossible to guarantee that all risks have been considered and analyzed correctly. Some very experienced pr and we have some sympathy with that viewpoint.The results of the analysis should certainly be reviewed by management (ideally including IT auditors, Legal, HR, other suadjusted according to their experience, so long as the expert views are taken into consideration. Remember: just because tsecurity risk does not necessarily mean that it can be discounted. Organizations with immature security management procesare not even recognized, due to inadequate incident detection and reporting processes.
ImportaHow to
Using p

Activity (22)

You've already reviewed this. Edit your review.
1 hundred reads
1 thousand reads
benyamen ac liked this
David Carter liked this
domtellis liked this
Sivo Hum liked this
Richard Reader liked this
bharak liked this
yellowpixies liked this
wwwbobh liked this

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->