SPRING DISCOUNT
Get 30% off on toolkits, course exams, and books.
Limited-time offer – ends May 26, 2022
Use promo code:
SPRING30

Expert Advice Community

Guest

Performing risk assessment

  Quote
Guest
Guest user Created:   Aug 13, 2019 Last commented:   Aug 13, 2019

Performing risk assessment

Hi I follow your articles diligently all of them; big admirer of your know how. One topic I couldn't find detail was actually doing Risk Analysis. Issue is when we do RA, we have defined Assets and then put owner and then C I A value; in assigning CIA values for different assets, would it be done based on value of that asset to company or threat marked for that asset. Which method would be correct, as I haven't seen any article anywhere explaining this. If it is based on value of that asset to company then chance is CIA markings for a asset would be same for different threat for a company, would it be correct?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Aug 13, 2019

Answer:

The reason why we do not have articles on defining the asset value is that it is not prescribed by the standard, and it only complicates the risk assessment if you already assess the level of impact. The point is, if you use the asset-based approach you need to identify risk by listing assets (without evaluating them), threats and vulnerabilities, evaluate impact (taking into account C-I-A) and likelihood, calculate the le vel of risk, and define the risk owner - nothing more.

This article can provide you further information about asset-based risk assessment:
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/

This material will also help you regarding risk assessment:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Aug 13, 2019

Aug 13, 2019

Suggested Topics