Performing Risk management according to ISO 27005

Guest user Created: Mar 22, 2021 Last commented: Mar 22, 2021


How do I practically perform risk management according to ISO 27005, step by step?


Expert
Rhand Leal Mar 22, 2021

ISO 27005 is a supporting standard to ISO 27001, detailing how to implement risk management for information security (basically covering ISO 27001 clauses 6.1.2 and 6.1.3).

Considering that, general steps for risk assessment and treatment are:

  • Definition of a risk assessment and treatment methodology
  • Performing risk assessment (risk identification and risk analysis)
  • Performing risk treatment (risk evaluation and controls selection)
  • Elaboration of a risk treatment report
  • Elaboration of the Statement of Applicability (SoA)
  • Elaboration of the Risk Treatment Plan and acceptance of residual risks

This article will provide you a further explanation about implementing risk management:

These materials will provide you a further explanation about implementing risk management:

If you want to see how a risk management process compliant with ISO 27005 looks like, I suggest you take a look at the free demo of our ISO 27001/ISO 22301 Risk Assessment Toolkit at this link: https://advisera.com/27001academy/01academy/emy/ademy/my/iso-27001-22301-risk-assessment-toolkit/
