Issue based risk assessment?
Answer:
You are right, I mean, you can perform an asset based risk assessment, although it is not mandatory in the new ISO 27001:2013 (for example, you can perform a process based risk assessment).
Regarding the issue based risk assessment, I am sorry but it does not exist in ISO 27001:2013. The “issues” are related to the context and the scope of the ISMS, so your organization simply shall consider internal and external issues to determine risks and opportunities that need to be addressed, independently of the methodology for the risk assessment.
This article can be interesting for you “Explanation of ISO 27001:2013 clause 4.1 (Understanding the organization)” : https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/
And also this one “How to identify interested parties according to ISO 27001 and ISO 22301” : https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301//
And if you are interested in the development of a methodology for the risk management, this article can be also interesting for you “How to write ISO 27001 risk assessment methodology” : https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
And our online course can be also interesting for you because we give more information about the risk assessment “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/
Jul 01, 2016