Asset-based risk assessment
Assign topic to the user
Answer:
From my point of view, the term “risk based risk assessment” is not correct, because you cannot based the risk assessment on a risk to calculate it (has no sense). On the other hand, the asset based risk assessment means that you use assets of your organization to determine and calculate risks.
Important, ISO 27001:2013 does not require an asset based risk assessment, or any other specific method, so you can perform the risk assessment for example with a process based, although our recommendation is the asset based methodology.
If you are interested to write an asset based methodology, this article can be interesting for you “How to write ISO 27001 risk assessment methodology” : https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
And our on line course can be also interesting for you because we give more information about the asset based methodology “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Apr 30, 2016