Expert Advice Community

Guest user | Created: Sep 24, 2017 | Last commented: Sep 26, 2017

I bought the package, the ISO 27001 standard, but I can't find which paragraph talks about the 4 mitigation options!?? I'm really wondering what paragraph it is. I just need a paragraph number.
Expert: Rhand Leal, Sep 24, 2017

Answer: You can find information about the risk mitigation options in the templates "Risk Assessment and Risk Treatment Methodology", section 3.3 - Risk treatment, and "Risk Treatment Table". You can find these templates in folder 05 Risk Assessment and Risk Treatment Methodology.

With the toolkit you bought you also have access to video tutorials that can provide you with information about mitigation options and how to include them in your risk treatment documents.

This article will provide you further explanation about Risk Mitigation Options:
- 4 mitigation options in risk treatment according to ISO 27001 https://advisera.com/27001academy/blog/2016/05/16/4-mitigation-options-risk-treatment-according-iso-27001/

This material will also help you regarding Risk Mitigation Options:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/

Expert: Rhand Leal, Sep 26, 2017

We received this question:

I tried to find the paragraph in ISO 27001, but can't find it there – can you include that in the web answer?

Answer: Sorry for this confusion. I understand now that you are referring to the ISO 27001 content, and not to our toolkit's content.

In fact, ISO 27001 does not define risk treatment options; it only requires that the organization selects appropriate options taking into account the risk assessment results (clause 6.1.3 a)). The standard was designed this way so the organization has the flexibility to choose the options most relevant to its context.

However, the standard includes a note stating that its information security risk assessment and treatment process is aligned with ISO 31000, the ISO standard for risk management. In that standard you can find information about risk treatment options (in section 5.5.1), as well as in the standard ISO 27005 (Information security risk management), in section 9.

The 4 risk treatment options in our toolkit are among the options suggested in ISO 31000 and ISO 27005, and they are the most commonly used. You can see details about them in the article I mentioned in my previous response.
