Hybrid approach for risk assessment

Guest user Created:   Sep 06, 2019 Last commented:   Sep 06, 2019

Can we perform a hybrid approach (service-based & asset-based) risk assessment? Also, can we create the process/methodology document likewise?

Expert
Rhand Leal Sep 06, 2019

Answer: ISO 27001 does not prescribe any approach for risk assessment, so you can adopt the one that better suits your organization, even a hybrid one. The same applies for the process/methodology. You can create your own, provided this one fulfills the requirements from the standard.

But please note that you have to verify if the benefits of adopting a hybrid approach will be greater than the complexity required to perform it.

For information about alternative approaches for risk identification, please read:
- ISO 31010: What to use instead of the asset-based approach for ISO 27001 risk identification https://advisera.com/27001academy/blog/2016/04/04/iso-31010-what-to-use-instead-of-the-asset-based-approach-for-iso-27001-risk-identification/