Expert Advice Community

Handling risk

Guest user Created:   Nov 26, 2018 Last commented:   Nov 26, 2018

What is your view on the handling of raw risk vs treated risk vs mitigated risk when it comes to residual risk and understanding your organisation's appetite for risk?
Expert
Rhand Leal Nov 26, 2018

Answer:

When it comes to risk treatment, there are four general options: mitigate, avoid, transfer and accept. So, in a sense, even raw risks can be considered residual risks (when the chosen treatment for them is to accept the risk).

Regarding an organization's risk appetite, it helps to define which kinds of risks are acceptable or not, and to which degree the cheapest treatment alternatives are acceptable (the higher the risk appetite, the higher the risks an organization is willing to accept, and the more prone it is to adopt cheaper treatments). So regarding residual risk, the higher the risk appetite, the higher the number of raw risks in the residual risk list will be. Regarding the other risk treatment alternatives, there is no definitive answer, because for each scenario the cheapest treatments will be different.

For more information, see:
- Risk appetite and its influence over ISO 27001 implementation https://advisera.com/27001academy/blog/2014/09/08/risk-appetite-influence-iso-27001-implementation/
- Why is residual risk so important? https://advisera.com/27001academy/knowledgebase/why-is-residual-risk-so-important/
- 4 mitigation options in risk treatment according to ISO 27001 https://advisera.com/27001academy/blog/2016/05/16/4-mitigation-options-risk-treatment-according-iso-27001/
