Guest
Change in risk assessment methodology in ISO 27001:2013
In the new ISMS Standard, is there any change in the methodology of calculating Risk to be adopted?
Answer: Basically, there are two changes regarding risk assessment in the ISO 27001 2013 revision: (1) it is not required any more to identify threats and vulnerabilities related to assets - you can identify risk in some other way, and (2) you need to identify a risk owner for each risk.
As in the 2005 revision, there are no requirements on how to calculate risks - every company can develop its own method of calculating risks.
Jan 12, 2016