You work is based on the company SMS and the company description available. The work will be carried out in your student groups, but the report must clearly state who did what in the assignment. It is up to you to decide what is a reasonable limit for the task. Keep in mind that demarcation can be the hard part to solve. The task is also to determine the limit against the course schedule. Be sure to motivate your demarcation.
The work will be carried out with the tools provided and based on ISO/IEC 27001 and MSB’s method support.

Aim

Analyse Business and Environment
Identify and analyze operations and the outside world related to information security based on:

Business
• internal stakeholders
• internal prerequisites
• information assets

Environment

• external stakeholders
• external prerequisites
• legal requirements

More information about Analyse Business and EnvironmentAnalyse Risk

Perform a risk analysis with a focus on information security by:
• Select appropriate information assets to proceed with
• Identify and  threats vulnerability
• Make a risk assessment – Consequence and Probability
• Develop suggestions for action

More information about Analyse RiskAnalyse Gap

Perform a Gap analysis with a focus on information security by:
• Identify the applicability of security controls
• Document the current situation
• Document improvement suggestions