Conflicting approaches to Risk Assessment
I need to reconcile what appears to be two conflicting approached to Risk Assessment:
The toolkit's approach is as follows: Assets-Threats-vulnerabilities The Conformio approach is Assets- Vulnerabilities-Threats-Please explain
Assign topic to the user
ISO 27001 RISK ASSESSMENT AND TREATMENT REPORT
Document the results of the risk management process.
Get it now 
ISO 27001 RISK ASSESSMENT AND TREATMENT REPORT
Document the results of the risk management process.
Get it now
ISO 27001 RISK ASSESSMENT AND TREATMENT REPORT
Document the results of the risk management process.
Get it now
First of all, sorry for this confusion.
This is only different writing of the methodology name. The approach is the same regardless of the order of its elements. The results will be the same, because the risk calculation is based on sum or multiplication, which result is independent of the order of elements.
For further information, see:
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
This material can also help you:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-risk-management-in-plain-english/
Comment as guest or Sign in
Oct 13, 2021