ISO 27005 Annexes

Guest user | Created: Feb 13, 2018 | Last commented: Feb 13, 2018


I am working on the development of an InfoSec risk management framework. Can you please advise whether we can use Annexes B, C and D (of ISO 27005:2011) in our own framework? Is there any compliance issue?

Expert
Rhand Leal Feb 13, 2018

Answer: Annexes B (Identification and valuation of assets and impact assessment), C (Examples of typical threats) and D (Vulnerabilities and methods for vulnerability assessment) of ISO 27005 are compilations of common practices and situations found in the market, so there is no problem with adopting them in your framework.

This material will also help you regarding risk management:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
