Methodology for calculating risk
Answer: Since we are targeting smaller companies, we are using the simplest risk assessment methodology: impact is assessed with the scale Low-Medium-High (0, 1 and 2), and the likelihood is assessed using the same scale. The risk is calculated by adding those two values together.
Of course, in the document called "Risk assessment and treatment methodology" you will find a detailed description of this methodology.
This article will also help you: How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
Mar 27, 2017