Conflicting approaches to Risk Assessment

Guest user Created:   Oct 13, 2021 Last commented:   Oct 13, 2021

I need to reconcile what appear to be two conflicting approaches to Risk Assessment:

The toolkit's approach is as follows: Assets-Threats-Vulnerabilities. The Conformio approach is Assets-Vulnerabilities-Threats. Please explain.

Expert
Rhand Leal Oct 13, 2021

First of all, sorry for this confusion.

This is only a different way of writing the methodology name. The approach is the same regardless of the order of its elements. The results will be the same, because the risk calculation is based on a sum or a multiplication, whose result is independent of the order of the elements.

For further information, see:
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/

This material can also help you:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-risk-management-in-plain-english/
