Risk assessments
I purchased your ISO 27001 document toolkit, along with various books.
With regard to the risk assessment, it’s my first time doing this exercise – while the training & templates are useful, I am a little concerned I’m making it more complicated than it needs to be for a business of our size.
As with anything, there are levels of detail you can take it to, and I suspect I might be going too deep.
I was wondering if you had any real example risk assessments for a small/medium-sized *** company that you think are good and would be able to share with me (even if they are a little old)?
While the theory and examples are useful, I think seeing a real one would help me measure the depth required and if I’m on the right track.
As for a practical example of risk assessment, I suggest you take a look at this free downloadable material: Diagram of ISO 27001:2013 Risk Assessment and Treatment process (PDF) https://info.advisera.com/27001academy/free-download/diagram-of-iso-270012013-risk-assessment-and-treatment-process
The diagram shows the ISO 27001 Risk Assessment and Treatment process, considering an asset – threat – vulnerability approach.
Please note that included with your toolkit there is access to a video tutorial that can help you understand and fill in the risk assessment and risk treatment tables, using real data as an example.
These articles will provide you with further explanation about risk assessment:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
- Risk assessment tips for smaller companies https://advisera.com/27001academy/blog/2010/02/22/risk-assessment-tips-for-smaller-companies/
- ISO 27001 risk assessment: How to match assets, threats, and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
- How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment
May 25, 2020