FCS security governance critical success factor
I want to write a risk assessment table. Do we include the asset category, CWE, vulnerability, likelihood, impact and risk in the table columns or not?
ISO 27001 requires risk assessment only to identify risks, risk owners, and determine the levels of risk. Other information can be added in case an organization identifies them as relevant.
Some of the elements you mentioned (asset category, CWE, vulnerability) are related to an asset-based risk assessment, which is acceptable under the standard.
To see what a risk assessment table based on the asset-based approach looks like, please access the free demo of our Risk Assessment Table at this link: https://advisera.com/27001academy/documentation/risk-assessment-table/
This article will provide you with a further explanation about risk assessment:
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
These materials will also help you regarding risk assessment:
- The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Feb 02, 2021