Risk assessment and risk treatment methodology

Guest user Created:   Aug 30, 2019 Last commented:   Aug 30, 2019

1. As per our meeting yesterday, you suggested calculating the risk value as Impact + Threat + Vulnerability. How do I scale Threat and Vulnerability?

Expert
Rhand Leal Aug 30, 2019

Answer: For Threat and Vulnerability scales you can adopt this scale: Impact: 0 to 4, Threat: 0 to 2, Vulnerability: 0 to 2 - this way the impact is balanced with the likelihood (likelihood consists of threat and vulnerability).

2. How do I draft a Process/Service based Risk Assessment process? How does it differ from the attached document?

Answer: The general process is the same as for asset Risk Assessment process. The difference is that for a Process/Service based Risk Assessment you focus on steps or activities, instead of assets. For example, in a payment process you focus on steps like validating payment data and what could go wrong in this step, regardless of any asset involved.

This article will provide you with further explanation about alternatives to asset based risk identification:
- ISO 31010: What to use instead of the asset-based approach for ISO 27001 risk identification https://advisera.com/27001academy/blog/2016/04/04/iso-31010-what-to-use-instead-of-the-asset-based-approach-for-iso-27001-risk-identification/
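The scoring and scales the expert describes above, worked through in code as an added example (this is not code from the thread or from Advisera). It implements Risk = Impact + Threat + Vulnerability with Impact on 0 to 4 and Threat and Vulnerability on 0 to 2 each, so that likelihood (Threat + Vulnerability, at most 4) balances impact (at most 4), and it applies the same register to process steps rather than assets, as in the payment-process example. The acceptable-risk threshold (`ACCEPTABLE_RISK`), the `RiskItem` structure and the sample register entries are assumptions made for the example; the thread does not state a threshold.

```python
"""Added worked example of the Impact + Threat + Vulnerability scoring.

Scales (as given in the thread): Impact 0..4, Threat 0..2, Vulnerability 0..2.
Threshold and register contents are constructed for this example.
"""
from dataclasses import dataclass

IMPACT_MAX = 4
THREAT_MAX = 2
VULNERABILITY_MAX = 2
# Assumed acceptable-risk level: anything above it goes to risk treatment.
ACCEPTABLE_RISK = 5


def _check_scale(name: str, value: int, maximum: int) -> None:
    """Reject scores outside the agreed scale so the register stays comparable."""
    if not isinstance(value, int) or value < 0 or value > maximum:
        raise ValueError(f"{name} must be an integer in 0..{maximum}, got {value!r}")


@dataclass(frozen=True)
class RiskItem:
    # 'target' is an asset in the asset-based approach, or a process step /
    # activity in the process/service-based approach; the scoring is the same.
    target: str
    scenario: str  # what could go wrong at this target
    impact: int
    threat: int
    vulnerability: int

    def __post_init__(self) -> None:
        _check_scale("impact", self.impact, IMPACT_MAX)
        _check_scale("threat", self.threat, THREAT_MAX)
        _check_scale("vulnerability", self.vulnerability, VULNERABILITY_MAX)


def likelihood(item: RiskItem) -> int:
    """Likelihood is the sum of threat and vulnerability (0..4)."""
    return item.threat + item.vulnerability


def risk_value(item: RiskItem) -> int:
    """Risk = Impact + Threat + Vulnerability (0..8 on these scales)."""
    return item.impact + likelihood(item)


def needs_treatment(item: RiskItem, threshold: int = ACCEPTABLE_RISK) -> bool:
    """Risks above the acceptable level must be treated (or formally accepted)."""
    return risk_value(item) > threshold


def treatment_priority(register: list[RiskItem],
                       threshold: int = ACCEPTABLE_RISK) -> list[RiskItem]:
    """Items needing treatment, highest risk first; ties broken by impact."""
    flagged = [item for item in register if needs_treatment(item, threshold)]
    return sorted(flagged, key=lambda i: (risk_value(i), i.impact), reverse=True)


# Constructed process-based register for a payment process: each entry is a
# step of the process and what could go wrong in it, regardless of assets.
PAYMENT_PROCESS_REGISTER = [
    RiskItem("Validate payment data", "Tampered amount accepted as valid", 4, 2, 1),
    RiskItem("Log the transaction", "Log entry lost before reconciliation", 2, 1, 0),
    RiskItem("Authorise the payment", "Approval granted without second check", 3, 2, 2),
    RiskItem("Notify the customer", "Notification sent to the wrong address", 1, 1, 1),
]

if __name__ == "__main__":
    for item in PAYMENT_PROCESS_REGISTER:
        flag = "TREAT" if needs_treatment(item) else "accept"
        print(f"{risk_value(item)}  {flag:6}  {item.target}: {item.scenario}")
```

With these scales a maximum-impact event that has no realistic threat or exposure scores only 4 and stays below the assumed threshold, while a moderate-impact step with high threat and vulnerability can still be flagged; that balance between impact and likelihood is the reason the expert sizes the two likelihood factors at half the impact scale.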
