Expert Advice Community

Home / ISO 27001 & 22301 / Assessing the risks after the controls are applied

Guest

Assessing the risks after the controls are applied

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

Assessing the risks after the controls are applied

ISO 27001 & 22301
However lets elevate your example (in article https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment) by adding controls to come up with residual risk measurement. I believe that risk assessment, in general, would involve controls assessment.
0 0

Assign topic to the user

ISO 27001 RISK TREATMENT PLAN

Determine responsibilities for the implementation of controls.

ISO 27001 RISK TREATMENT PLAN

Determine responsibilities for the implementation of controls.
Guest
DejanK Jan 12, 2016

Basically you should assess the residual risks using the same criteria as described in the article you're referring to - this means you have to think how the consequences would be decreased when the controls are applied, and also how the likelihood would be decreased in the same case.

For more information please read this article “Why is residual risk so important?” : https://advisera.com/27001academy/knowledgebase/why-is-residual-risk-so-important/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2016

Jan 12, 2016

Suggested Topics
Atheer AlMartan Created:   Feb 11, 2024 ISO 27001 & 22301
Replies: 1
0 0

Statement of Acceptance of Residual Risks
Guest user Created:   Aug 29, 2023 ISO 27001 & 22301
Replies: 1
0 0

Controls in the SoA that so not show up in the Risk Assessment
Guest user Created:   Aug 10, 2023 ISO 27001 & 22301
Replies: 1
0 0

What asset to list when Risks relate to general or high-level assets?