Risk Management Methodology 27001:2013

Guest post Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

What is the good practice for formulating a risk assessment? According to the new version, risk assessment now refers to ISO 31000; however, can we still use other methodologies such as NIST or 27005? Thanks

Guest
Guest post Jan 12, 2016

For developing a methodology for risk assessment, ISO 31000 is not very practical because it is very generic - it does not provide detailed guidance.

Therefore we recommend ISO 27005 because:
1) It is specific for information security management
2) It is much more practicable
3) It is fully compliant with ISO 31000

For details on risk assessment best practice, please have a look at the following webinar for further information on risk assessment: https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
