How are Risk assessment table and Risk treatment table different?
Assign topic to the user
Answer: Risk assessment table and Risk treatment table should be used separately, because in the Risk Assessment table you should list all the risks, whereas in the Risk treatment table you should copy only those risks that are not acceptable. The point is, in the Risk treatment table you will add controls only for the unacceptable risks and this is why you shouldn't mix this table with the Risk assessment table.
When doing the risk assessment and treatment, you should develop the Risk assessment & treatment methodology first, because it will define all the rules for performing this task; also very important is that you view the video tutorials that came with your toolkit - they will explain all the details on how to fill out the documents and provide you with couple of real-life examp les.
These materials will also help you regarding risk assessment and treatment:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your
Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course
https://advisera.com/training/iso-27001-foundations-course/
- Conformio (online ISO 27001 tool) https://advisera.com/conformio/
Comment as guest or Sign in
Nov 29, 2016