Asset based or process based?
Assign topic to the user
Answer:
I am not sure if I have understood your question, but in the new ISO 27001:2013 it is not established that the risk assessment needs to be based on assets or process, we are free to select the best methodology for the organization, although our recommendation is to use the risk assessment asset based, because generally this approach is easier.
Maybe this article about how to write your own methodology can be interesting for you “How to write ISO 27001 risk assessment methodology” : https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
This article can be also interesting for you “ISO 27001 risk assessment & treatment – 6 basic steps” : https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
And this article can be also interesting “What has changed in risk assessment in ISO 27001:2013 ” : https://advisera.com/27001academy/knowledgebase/what-has-changed-in-risk-assessment-in-iso-270012013/
And our online course can be also interesting for you because we give more detailed information about the risk assessment & treatment “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Mar 22, 2016