Guide for Indicators and risk assessment
Answer:
If your question is about measurement, ISO 27001 does not have this information, but you can find in ISO 27004 a complete guide of best practices about how to measure an Information Security Management System (completely compatible with ISO 27001). So, this standard can help you to develop formulas that can help you to assess every control in an organization.
Anyway, this article can help you: “How to perform monitoring and measurement in ISO 27001”: https://advisera.com/27001academy/blog/2015/06/08/how-to-perform-monitoring-and-measurement-in-iso-27001/
If your question is about the risk assessment, ISO 27001 simply defines requirements about the risk management, so ISO 27001 is not a guide, but you can use ISO 27005 (which is a guide of best practices for the development of the risk management) as a guide to perform the risk assessment.
This article can also be interesting for you: “How to write ISO 27001 risk assessment methodology”: https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
And also this one “ISO 27001 risk assessment & treatment - 6 basic steps” : https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
Finally, our online course can also be interesting for you because we give more information about the measurement of an Information Security Management System, and also about the risk assessment: “ISO 27001:2013 Foundations Course”: https://advisera.com/training/iso-27001-foundations-course/
Jul 09, 2016