Expert Advice Community

Enterprise risks

Guest user Created:   Jun 09, 2017 Last commented:   Jun 09, 2017

1. How do we cover enterprise risks and the monitoring mechanism?
Expert
Rhand Leal Jun 09, 2017

Answer: ISO 27001 was designed to cover risks related to information security from operational to enterprise levels, but enterprise risks cover much more than information security, so you should consider complementing it with some other frameworks, like COSO, which provides recommendations for managing enterprise risks, like economic, social, and others.

2. Do we have high level classification of enterprise risk?

Answer: General classifications for risks, like low, medium and high, are used when we talk about enterprise risks, so we can compare risks of different types, like technological, economic, strategic, etc.

These articles will provide you further explanation about enterprise risks and monitoring:
- How to integrate COSO, COBIT, and ISO 27001 frameworks https://advisera.com/27001academy/blog/2016/10/10/how-to-integrate-coso-cobit-and-iso-27001-frameworks/
- Aligning information security with the strategic direction of a company according to ISO 27001 https://advisera.com/27001academy/blog/2017/02/20/strategic-direction-of-a-company-according-to-iso-27001/
- How to perform monitoring and measurement in ISO 27001 https://advisera.com/27001academy/blog/2015/06/08/how-to-perform-monitoring-and-measurement-in-iso-27001/
