How can I determine and describe options to treat risks associated with a project?
Answer:
Generally, there are 4 general options for the treatment of any type of risk: apply controls (or actions) to reduce the risk, transfer the risk, avoid the risk, or accept the risk. For more information, maybe this article can be interesting for you: "Risk Treatment Plan and risk treatment process What's the difference?": https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#treatment
Finally, remember that the Annex A of ISO 27001:2013 has the control A.6.1.5 Information security in project management, which is related to the integration of information security with project management activities, and there are several ways to do this: including information security objectives in project activities, performing a risk assessment at an early stage of the project, performing treatment of the identified risks (the 4 options above), etc. So this article can also be interesting for you: "How to manage security in project management according to ISO 27001 A.6.1.5": https://advisera.com/27001academy/what-is-iso-27001/
Jan 13, 2016