You work is based on the company SMS and the company description available. The work will be carried out in your student groups, but the report must clearly state who did what in the assignment. It is up to you to decide what is a reasonable limit for the task. Keep in mind that demarcation can be the hard part to solve. The task is also to determine the limit against the course schedule. Be sure to motivate your demarcation.
The work will be carried out with the tools provided and based on ISO/IEC 27001 and MSB’s method support.
Aim
Analyse Business and Environment
Identify and analyze operations and the outside world related to information security based on:
Business
• internal stakeholders
• internal prerequisites
• information assets
Environment
• external stakeholders
• external prerequisites
• legal requirements
More information about Analyse Business and EnvironmentAnalyse Risk
Perform a risk analysis with a focus on information security by:
• Select appropriate information assets to proceed with
• Identify and threats vulnerability
• Make a risk assessment – Consequence and Probability
• Develop suggestions for action
More information about Analyse RiskAnalyse Gap
Perform a Gap analysis with a focus on information security by:
• Identify the applicability of security controls
• Document the current situation
• Document improvement suggestions