Tag: "Risk Assessment" - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Risk treatment plan

    Is it necessary to implement a treatment plan for all identified risks, or is it only necessary to apply a treatment plan if a medium or high-risk is detected?

    I am asking this question because in my risk assessment, all the residual risks are low, and according to my policy, only medium and high risks should receive a risk treatment plan. I want to know if it's appropriate to leave low risks without a risk treatment plan or if I should create one despite all risks being low.

  • ISO 27001 Beginner

    Hi, I currently work for a care company in the UK and I've been asked to research about ISO 27001 and how to apply it to the IT industry. I don't really know where to begin, and could use some help. I have been asked to do audits and risk assesments. What I'm asking for is a beginers guide here and someone to point me in the right direction for this. Any help is appriciated.
  • Risk assessment and treatment report

    I have a clarification question regarding the risk assessment and treatment report. When is this report created in the process of the ISO 27001 project? Before or after implementation of the necessary controls?

    In the draft document it states that «The risk treatment was done from XX to XX.» (Risikobehandlung wurde im Zeitraum von [Tag/Monat/Jahr] bis [Tag/Monat/Jahr] durchgeführt.) Does this include that the controls are in place, or does this mean that the treatment plan etc. was created, but the controls do not have to be in place when writing the report?

    Also, it says in the draft document (Heading 3.5) that «after implementation of the controls the residual risks are re-evaluated» (nach der Anwendung der Maßnahmen wurden die Restrisiken bewertet). This implies that the report is done after the controls have been implemented as the process (on which is reported) would include the residual risk evaluation after the implementation of the controls.

  • Creating risks list

    Oye tengo una gran duda con unos templates que compre con ustedes para Risk Assessment, en los videos no muestran como crear la lista de Riesgos. Solo indica que primero hay que identificar los Activos, a través de las amenazas y vulnerabilidades pero no veo ningún template que muestre el resultado final después de haber identificado los Riesgos, estoy confundido. Me puede ayudar?

    (Hey, I have a big question with some templates that I bought with you for Risk Assessment, in the videos they don't show how to create the list of Risks. It only indicates that the Assets must first be identified, through threats and vulnerabilities but I don't see any template that shows the final result after having identified the Risks, I am confused. Can you help me?)

  • Filling SoA

    I already used risk ID's inside the SoA template and wrote down „Risk #8, #10, #38“ for example. I did it like Dejan’s video tutorial said. But control A.12.6.1 includes (in my opinion) almost any risks out of the risk assessment table and I would like to write a general statement for „reason for selection / exclusion“ instead of writing each risk ID down. Is this possible? I did it for some other controls inside the SoA already too.

  • Hybrid approach for risk assessment

    Can we perform Hybrid approach (Service based & Asset based) risk assessment? Also, can we create the process /methodology document likewise?

  • Risk assessment report

    I already had a question about chapter 3.3 inside the report on risk assessment and risk treatment a few weeks ago. It was about the final reports where you explained to me that it relates to risk assessment and risk treatment. But I still don’t know which documents are meant when it comes to these final reports and the exact time period when they were created. I have a period of time when I did the risk assessment and risk treatment. But the final reports I don’t know what’s meant with that. It would be great if you could help me with this.
  • Work instructions & safety and risks

    If you complete a work procedure instruction, do you have to complete a safe operating procedure and complete a risk assessment as well?