Creating risks list
Oye tengo una gran duda con unos templates que compre con ustedes para Risk Assessment, en los videos no muestran como crear la lista de Riesgos. Solo indica que primero hay que identificar los Activos, a través de las amenazas y vulnerabilidades pero no veo ningún template que muestre el resultado final después de haber identificado los Riesgos, estoy confundido. Me puede ayudar?
(Hey, I have a big question with some templates that I bought with you for Risk Assessment, in the videos they don't show how to create the list of Risks. It only indicates that the Assets must first be identified, through threats and vulnerabilities but I don't see any template that shows the final result after having identified the Risks, I am confused. Can you help me?)
Assign topic to the user
Please note that in the asset-threat-vulnerability approach used in the template there is not a phrase or statement for the risk. The assets+threats+vulnerabilities are the risks, and there is nothing else needed to identify the risks.
From that you only have to evaluate the level of impact and likelihood to calculate the risk value.
For further information, please read:
- How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment
Thak you Rhand Leal, now,
How can I cross or related the assets identified in the SOA with the Risk Treatment Plan? The order in which I should write each activity in the plan is the order in which they are in the SOA? Should I just write the asset name or rather the activity name to be done to decrease the risk ? and specify what, who, when, how, timing, status, etc.
Comment as guest or Sign in
Sep 26, 2019