Expert Advice Community

Home / ISO 27001 & 22301 / Measurement of the absolute risk

Guest

Measurement of the absolute risk

ISO 27001 & 22301
  Quote
Guest
Guest post Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

Measurement of the absolute risk

ISO 27001 & 22301
Hi friends, Could you help me with the following question please: To measure the absolute risk, is necessary to evaluate the asset without protections neither controls of any kind, or it is measure with the protections or controls implemented currently on the asset? Which would be the best approach and why? Which you use and recommend? Thank so much Best regards.
0 0

Assign topic to the user

ISO 27001 RISK ASSESSMENT AND RISK TREATMENT METHODOLOGY

Define main rules for risk assessment and treatment.

ISO 27001 RISK ASSESSMENT AND RISK TREATMENT METHODOLOGY

Define main rules for risk assessment and treatment.
Guest
AntonioS Jan 12, 2016

To evaluate the risk, you should take in consideration the security controls that exist in the organization for each asset. This approach is more real and more closer to the reality of your business, because considers the current controls. If not, you will have a point of view that not reflects the reality. So, our recommendation is the first approach, I mean, that you consider current security controls.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2016

Jan 12, 2016

Suggested Topics
Lajvar Created:   Apr 29, 2024 ISO 27001 & 22301
Replies: 0
0 0

Risk treatment plan
Atheer AlMartan Created:   Feb 11, 2024 ISO 27001 & 22301
Replies: 1
0 0

Statement of Acceptance of Residual Risks
Tanya S Created:   Dec 01, 2023 ISO 27001 & 22301
Replies: 1
0 0

Residual Risk Calculations