Name a few qualitative and quantitative risk assessment methodologies in the market which I could use for implementing ISO 27001.
Answer:
Examples of Qualitative Risk Assessment methodologies can be CRAMM, OCTAVE, NIST 800-30, while examples of quantitative Risk Assessment methodologies can be PILAR, or SOMAP.
Have you seen our methodology? It is based on a qualitative method (easier). You can see a free version by clicking on the Free Demo tab here: Risk Assessment and Risk Treatment Methodology: https://advisera.com/27001academy/documentation/Risk-Assessment-and-Risk-Treatment-Methodology/
ISO 27005 is a code of best practices for risk management, and the appendices provide guidance on using qualitative and quantitative approaches, so it may be interesting for you. You can buy and download it from the official site of iso.org: https://www.iso.org/standard/56742.html
Finally, this article can also be interesting for you: "How to write ISO 27001 risk assessment methodology": https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
Jan 13, 2016