Guest
Assessing the risks after the controls are applied
However lets elevate your example (in article https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment) by adding controls to come up with residual risk measurement. I believe that risk assessment, in general, would involve controls assessment.
Assign topic to the user
Basically you should assess the residual risks using the same criteria as described in the article you're referring to - this means you have to think how the consequences would be decreased when the controls are applied, and also how the likelihood would be decreased in the same case.
For more information please read this article Why is residual risk so important? : https://advisera.com/27001academy/knowledgebase/why-is-residual-risk-so-important/
Comment as guest or Sign in
Jan 12, 2016
Jan 12, 2016
Jan 12, 2016