risk assessment and controls

Guest post. Created: Jan 12, 2016. Last commented: Jan 12, 2016.

For risk assessment, if I identify the threat and vulnerability but I have already applied a control, do I have to mention that risk? Example: asset (server), threat (no electricity), vulnerability (no UPS), but I already have a UPS, so do I have to add that record in the assessment table and put the likelihood "low"? Or do I not add it because there is no vulnerability?

DejanK Jan 12, 2016

May,

You have to identify all the risks, even though you have implemented a control for some of them - it is true that in such cases the likelihood will be low, but the risk still exists.

If the value of such risk turns out to be acceptable, then of course you won't have to treat the risk; in some cases it might happen that such risk is still unacceptable (because the existing control is not enough), so you will have to apply some additional controls.
