Expert Advice Community

Approaches beyond asset-based for risk assessment

Guest user Created:   Nov 24, 2017 Last commented:   Nov 24, 2017

In working through the ISO 27001 toolkit, I saw that the tutorials and templates recommend taking an asset-based approach to risk assessment. While this may be the method that we use, I want to explore other options before settling on one in particular. Do you have any templates or documents available for a scenario-based approach or any other approaches?

Expert
Rhand Leal Nov 24, 2017

Answer: Since other methods besides the asset-based approach to risk assessment are not commonly used by small and medium organizations, we do not have specific material about them, but we suggest you take a look at the ISO 31010 standard (www.iso.org/standard/51073.html), which will provide you with examples of other risk assessment methodologies, including the scenario-based approach.

This article will provide you with further explanation about ISO 31010:
- ISO 31010: What to use instead of the asset-based approach for ISO 27001 risk identification https://advisera.com/27001academy/blog/2016/04/04/iso-31010-what-to-use-instead-of-the-asset-based-approach-for-iso-27001-risk-identification/
