Hello Friends,
ISO 27001:2013 talks about risk assessment based upon the information flow. Does it still make sense to do it on the basis of assets?
First, it is important to note that information flow is not mentioned anywhere in the ISO 27001 standard.
Regarding risk assessment, the information flow is only one of the inputs used to understand the context in which the risk assessment will be performed. So you still have to define an approach to the risk assessment process, and for information security risk assessment the asset-based risk assessment is still one of the most common approaches.
These articles can provide you with more information about risk assessment approaches:
- ISO 31010: What to use instead of the asset-based approach for ISO 27001 risk identification https://advisera.com/27001academy/blog/2016/04/04/iso-31010-what-to-use-instead-of-the-asset-based-approach-for-iso-27001-risk-identification/
- The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Jun 29, 2018