Evaluate the risk owner?
Answer:
I am sorry, but I am not sure if I have understood your questions. You do not need to evaluate the risk owner; you simply need to identify the risk owner for each risk. This risk owner can be a person or entity with the accountability and authority to manage a risk. This article can help you to understand who can be a risk owner: “Risk owners vs. Asset owners in ISO 27001:2013”: https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/
By the way, the risk owner can also participate in the evaluation of risks, but others can also participate. And the formula for the calculation of the risk depends on the methodology of the risk management, but an example can be: Risk = Consequences + Likelihood. For more information about this, this free webinar can be interesting for you: “The basics of risk assessment and treatment according to ISO 27001”: https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
Our methodology may also be interesting for you, so this article can be interesting for you: "How to assess consequences and likelihood in ISO 27001 risk analysis": https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment
Finally, our online course can also be interesting for you: “ISO 27001:2013 Foundations Course”: https://advisera.com/training/iso-27001-foundations-course/
Feb 19, 2016