Expert Advice Community

Methodology for calculating risk

Guest user | Created: Mar 27, 2017 | Last commented: Mar 27, 2017

I purchased the ISO 27001/ISO 22301 Risk Assessment Toolkit yesterday. I am keen to know about the calculations related to the risk assessments, especially the methodology being used. Any additional information related to this would be useful.

ISO 27001 RISK ASSESSMENT AND RISK TREATMENT METHODOLOGY

Define main rules for risk assessment and treatment.

Expert
Dejan Kosutic Mar 27, 2017

Answer: Since we are targeting smaller companies, we are using the simplest risk assessment methodology: impact is assessed with the scale Low-Medium-High (0, 1 and 2), and the likelihood is assessed using the same scale. The risk is calculated by adding those two values together.

Of course, in the document called "Risk assessment and treatment methodology" you will find a detailed description of this methodology.

This article will also help you: How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
