Expert Advice Community


Impact and likelihood values

Guest user Created:   Jul 15, 2016 Last commented:   Jul 15, 2016


I have a query. We have put forth threat and vulnerability values in risk assessment. We have values before mitigation and after mitigation. Which value remains constant after mitigation? Is it threat value or impact value?
Antonio Jose Segovia Jul 15, 2016

Answer:
I am sorry but I am not sure what you mean. Basically, threats and vulnerabilities can help you to calculate values for the impact and the likelihood, and with the impact (damage that a threat can cause to the organization) and the likelihood (likelihood that a threat can be materialized) you can calculate the risk.

So, a common way to calculate the risk is giving values to the impact and the likelihood, although another way for the calculation of the risk is giving values to the impact, threats and vulnerabilities.

The mitigation means that you have a risk treatment plan and you have implemented security controls to reduce the risks, and this implies that the impact or the likelihood have been reduced. So, generally after the mitigation the impact value or the likelihood value is reduced.

Anyway, this article can be interesting for you “ISO 27001 risk assessment & treatment - 6 basic steps” : https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/

And also this one “ISO 27001 risk assessment: How to match assets, threats and vulnerabilities” : https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/

Finally, our online course can be also interesting for you because we give more information about the risk assessment “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/
