Guest
ISO 27001 Risk Assessment
Can we perform risk assessment without writing threats and vulnerabilities? Only writing risks?
Expert
Rhand Leal
May 22, 2020
ISO 27001 does not prescribe a risk assessment approach; it only requires a risk assessment process to be defined, so you can perform risk assessment only by writing risks, without writing threats and vulnerabilities.
These articles will provide you with further explanation about alternatives to risk assessment:
- How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
- ISO 31010: What to use instead of the asset-based approach for ISO 27001 risk identification https://advisera.com/27001academy/blog/2016/04/04/iso-31010-what-to-use-instead-of-the-asset-based-approach-for-iso-27001-risk-identification/
This material will also help you regarding risk assessment:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/