LIVE VIRTUAL TRAININGS
Learn in small groups from top experts and real-life examples

Expert Advice Community

Guest

ISO 27001 package question regarding risk assessment

  Quote
Guest
Guest user Created:   Jan 04, 2022 Last commented:   Jan 04, 2022

ISO 27001 package question regarding risk assessment

thanks for the call last week! I proceeded with the risk assessment. Just a small question: The evaluation of probability of a risk already takes into account the measures that we already have implemented - is that correct? Because in the methodology it says: https://i.imgur.com/5hvpOc1.png So that means: If we already have implemented several security measures for certain risks, the probability will be low in the risk assessment. This would lead to a quite small amount of not acceptable risks (3 or higher) that would be transfered to Anhang 2 "Verzeichnis Risikoeinschätzung" (currently around 12 risks to be transfered in our case). Did I understand this correctly? Or do we need to evaluate the risk without taking into account the measures we already have? Thanks for your help!

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jan 04, 2022

If you already have implemented controls you need to take them into account when analyzing the risks, so your understanding is correct. In the Risk Assessment Table, in the last column, you can describe which controls are already implemented.

For further information, see:

This material will also help you regarding risk assessment:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 04, 2022

Jan 04, 2022

Suggested Topics