The risk assessment and ISO 27001
Answer:
ISO 27001 defines that you need a methodology for the risk assessment (it is a requirement), but does not define what methodology you need to use, so you can use the methodology that you want. Generally, most of the methodologies are based on assets, and this is our recommendation. If you want, you can develop your own methodology, and for this you can read the article “How to write ISO 27001 risk assessment methodology”: https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
By the way, our methodology is also based on assets, so it may be interesting for you to see a free version here by clicking on the “Free demo” tab, “Risk Assessment and Risk Treatment Methodology”: https://advisera.com/27001academy/documentation/Risk-Assessment-and-Risk-Treatment-Methodology/
Finally, we also have an online course that can help you to understand the risk assessment, “ISO 27001:2013 Foundations Course”: https://advisera.com/training/iso-27001-foundations-course/
Feb 21, 2016