Expert Advice Community

Home / ISO 27001 & 22301 / Risk value calculation

Guest

Risk value calculation

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   Dec 22, 2016 Last commented:   Dec 22, 2016

Risk value calculation

ISO 27001 & 22301
Just need enlightenment on a trivial thing, normally I have seen that risk impact is multiple of likelihood and consequence/ severity i.e. Risk impact= likelihood of occurrence x consequence faced. However in your document Risk impact is taken as sum of both consequence and likelihood. Any technical reason why is this so?
0 0

Assign topic to the user

ISO 27001 RISK ASSESSMENT AND RISK TREATMENT METHODOLOGY

Define main rules for risk assessment and treatment.

ISO 27001 RISK ASSESSMENT AND RISK TREATMENT METHODOLOGY

Define main rules for risk assessment and treatment.
Expert
Rhand Leal Dec 22, 2016

Answer: For the purpose of a single risk value calculation, there is no particular technical reason for using sum instead of multiplication, and vice versa, to calculate risk value. The decision for sum or multiplication will only matter in more complex risk calculation activities, involving probabilistic theories, which is not the case.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Dec 22, 2016

Dec 22, 2016

Suggested Topics
Guest user Created:   Nov 28, 2017 ISO 27001 & 22301
Replies: 1
0 0

Risk value calculation
Guest user Created:   Feb 08, 2016 ISO 27001 & 22301
Replies: 1
0 0

Is assessing asset value mandatory?
Guest user Created:   Sep 07, 2020 ISO 27001 & 22301
Replies: 1
0 0

Risk Management and "Asset value" & Asset Criticality