Filling the risk assessment table
Answer: Sometimes the protective effect only takes place when several controls are applied together (e.g., for physical protection, implementing a security perimeter without entry controls, or vice versa, does not make much sense). If one fails, the whole protection may be compromised. In cases like this it is enough to put the result on a single row. So, you should assess the effect of all controls implemented for a particular risk to decide how to record them in your Risk Treatment Table.
By the way, together with the toolkit you have received access to a video tutorial called How to Implement Risk Treatment According to ISO 27001 which explains exactly how this is done - I would recommend you watch this tutorial because it will explain to you what the standard requires, what options you have, how to fill out the data, etc.
Nov 19, 2016