Expert Advice Community

Guest

Performing Risk Assessment

  Quote
Guest
Guest user Created:   Mar 15, 2017 Last commented:   Mar 15, 2017

Performing Risk Assessment

i work for am organization with more 1500 employees.i wanted to do risk assessment using ISO 27001 risk assessment: How to match assets, threats and vulnerabilities. I wanted to start with the finance department with staff complement of 87 people.How do i go about it
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Mar 15, 2017

Answer: The first thing you should do is write your risk assessment methodology, so you can have in hand all the rules, considerations and steps regarding how to identify, analyse, and evaluate the risk. After all these items are properly documented you can proceed with the assessment itself (and be sure that people will ask you about these things during the assessment).

Considering the number of people, maybe it would be better to divide them in smaller groups (at most 20 people per facilitator), grouping them by process performed (e.g., accounts receivable, accounts payable, etc.), or by offices (Assuming that this number of people do not stay at the same room), or any other criteria you can use to divide them. Try to make cycles considering the threats and vulnerabilities f or a specific asset before going to another asset. Also consider to take with you checklists to help you identify risks, and paper to take notes of all information.

This article will provide you further explanation about risk assessment:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
- How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
- How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/knowledgebase/how-to-assess-consequences-and-likelihood-in-iso-27001-risk-analysis/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 15, 2017

Mar 15, 2017

Suggested Topics