Assign topic to the user
Answer:
There is no universal way to calculate the asset value, but a common way is to select the high value from the 3 parameters (in your case 5), or another way is to sum the 3 parameters (so in this case you can have the value 15). If you want to know my opinion, for my is more easy is you select the high value (5).
Anyway, for the risk management, it is not mandatory to use the asset value, so if you want an easy way you can use simply the impact value.
This article can help you “How to assess consequences and likelihood in ISO 27001 risk analysis” : https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment
And also this article “How to write ISO 27001 risk assessment methodology” : https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
And also our online course, because we give more inform ation about the evaluation of assets “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Aug 03, 2016