
Change in risk assessment methodology in ISO 27001:2013

Guest user. Created: Jan 12, 2016. Last commented: Jan 12, 2016.


In the new ISMS Standard, is there any change in the methodology of calculating Risk to be adopted?
DejanK Jan 12, 2016

Answer: Basically, there are two changes regarding risk assessment in the ISO 27001 2013 revision: (1) it is not required any more to identify threats and vulnerabilities related to assets - you can identify risk in some other way, and (2) you need to identify a risk owner for each risk.

As in the 2005 revision, there are no requirements on how to calculate risks - every company can develop its own method of calculating risks.
