Controls in Risk Treatment Plan
Assign topic to the user
In the risk assessment, the important is the acceptable level of risk (and remember that in a risk assessment asset-based it is related with each asset). If the risk is above of the acceptable level, then you need to reduce it with security controls in the Risk Assessment Plan, if not, it is not necessary. And the Risk Treatment Plan will have all controls that you need to reduce the risks identified in the risk assessment.
For more information about the risk assessment & treatment, please read this article "ISO 27001 risk assessment & treatment - 6 basic steps": https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
Comment as guest or Sign in
Jan 12, 2016