Expert Advice Community

BIA input for risk assessment

Guest user Created:   Jan 14, 2019 Last commented:   Jan 14, 2019

While going through the CISM manual I came across asset valuation as one of the basic steps for risk assessment. It's stated that for valuation sometimes BIA is selected as one of the methods, because it can derive the impact on the business. So can we then consider BIA as an input to risk assessment? Kindly suggest.

Expert
Dejan Kosutic Jan 14, 2019

Answer: ISO 27001 does not prescribe which inputs you should use when performing the risk assessment, only that you have to take into account the impact on confidentiality, integrity and availability of your information.

Therefore, you can take Business Impact Analysis as an input for your risk assessment; however, this could prove to be very costly if you start doing this for each of your assets. To avoid these costs, you can do the BIA only for the most valuable assets.

Read also this article: Risk assessment vs business impact analysis: https://advisera.com/27001academy/knowledgebase/risk-assessment-vs-business-impact-analysis/
