Advantages/Disadvantages of Asset Based Risk Assessment
Assign topic to the user
ISO 27001 RISK ASSESSMENT AND RISK TREATMENT METHODOLOGY
Define main rules for risk assessment and treatment.
Get it now 
ISO 27001 RISK ASSESSMENT AND RISK TREATMENT METHODOLOGY
Define main rules for risk assessment and treatment.
Get it now
ISO 27001 RISK ASSESSMENT AND RISK TREATMENT METHODOLOGY
Define main rules for risk assessment and treatment.
Get it now
Itommy,
It is true that many companies are still using asset-based risk assessment, although 2013 revision of ISO 27001 allows also other methods of risk identification.
If you want to avoid missing generic risks when doing the asset-based risk assessment, you should develop a list of generic threats and then make sure you check them against each asset.
Generally speaking, asset-based risk assessment is more precise than others because it focuses on each element that contains information (or could endanger the information), while on the other hand it is rather complex and lengthy. Other methodologies have still not proved themselves, so it will take couple of years more to show which will prove better in practice.
Comment as guest or Sign in
Jan 12, 2016