Benefits of asset-based approach
I am looking at this article right now:
https://advisera.com/27001academy/blog/2016/04/04/iso-31010-what-to-use-instead-of-the-asset-based-approach-for-iso-27001-risk-identification
And I didn't understand what the benefits of an event based approach are instead of an asset-based approach...
Assign topic to the user
To understand the benefits you need to see the risk assessment from the users’ point of view.
For people that are not used to perform risk assessment, it is easier to remember an event that may affect them than a specific set of elements (i.e., asset-threat-vulnerability), so you can perform risk assessment faster, without worrying about longer training sessions, and get the most relevant events in the users’ point of view.
This material will help you regarding risk assessment:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
Comment as guest or Sign in
Feb 26, 2021