Risk assessments
Answer: To ensure you identify the most relevant risks related to an asset (you do not have to identify all risks), you should approach the assessment from as many points of view as possible. Think about including in the same risk identification session people from different areas and processes. For example, if you are evaluating the sales process, try to bring in people from the IT, finance and legal departments. Surely all of them will have different interests in information security and will point out different risks.
And even if you didn't identify all the risks, you will probably identify them during the next review of your risk assessment. No one expects you to do it perfectly the first time; risk assessment is something that is continually improved.
These articles will provide you further explanation about Risk assessment:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
- How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
- 4 mitigation options in risk treatment according to ISO 27001 https://advisera.com/27001academy/blog/2016/05/16/4-mitigation-options-risk-treatment-according-iso-27001/
These materials will also help you regarding risk assessment:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Jun 07, 2017