Methodology for risk assessment in ISO 27001

Guest user, Created: Oct 05, 2016, Last commented: Oct 05, 2016

Does ISO 27001 define a methodology for risk assessment? Give examples.
Expert
Dejan Kosutic Oct 05, 2016

Answer:

ISO 27001:2013 does not define a risk methodology, only requirements on the risk assessment and risk treatment process. There are many examples of risk methodologies; I would only generally divide them into quantitative and qualitative (or combined) risk assessment.

This article gives you a couple of examples of qualitative methodology: How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/

These materials will also teach you how to define the risk assessment methodology:
- free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
- book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
