Expert Advice Community

ISMS Risk Survey

Guest user Created:   Apr 08, 2021 Last commented:   Apr 08, 2021

How to align the ISMS risk assessment with other units of my organization, to do it together, for example with finances, process, etc. Could you give risks in common?

Expert
Rhand Leal Apr 08, 2021

The most common way to perform ISO 27001 risk assessment is through the asset-threat-vulnerability approach, which can also be applicable to other business processes, because it is based on assets (elements with value to the organization), and this concept can be applied to other processes in the organization. For example, you can use an asset called management report to identify risks for your ISMS and other processes that use such an asset (e.g., financial management report).

To see a list of threats and vulnerabilities you can use not only for ISMS risk assessment, but also for other business processes, see:
- Catalogue of threats & vulnerabilities https://advisera.com/27001academy/knowledgebase/threats-vulnerabilities/

To see how to perform a risk assessment compliant with ISO 27001, see:
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/

The template for Risk assessment has examples of assets, threats and vulnerabilities you can use.

To see what the documents for performing a risk assessment compliant with ISO 27001 look like, please see: https://advisera.com/27001academy/iso-27001-22301-risk-assessment-toolkit/

This material will also help you regarding ISO 27001 risk assessment:
- https://info.advisera.com/27001academy/free-download/diagram-of-iso-270012013-risk-assessment-and-treatment-process
