
ISO 27001 how to assign risk value

Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016


I have a query related to ISO 27001. In ISO 27001:2005 the risk value was assigned to the asset risk, but in 27001:2013 is the risk value assigned to the owner of the asset risk instead of the asset risk itself? If yes, then how can the value be assigned to the owner of the asset risk?

DejanK Jan 12, 2016

1) ISO 27001:2005 does not require risk value to be assigned to asset risk - this standard requires impact to be one of the factors that determines the level of risk.

2) ISO 27001:2013 does not require risk value to be assigned to owner of the asset risk - this standard also requires impact to be one of the factors that determines the level of risk.

These articles will help you understand these issues:

How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
Risk owners vs. asset owners in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/
What has changed in risk assessment in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/what-has-changed-in-risk-assessment-in-iso-270012013/
