Qualitative and quantitative risk assessmentGet the ISO 27001 certification
Assign topic to the user
Qualitative is when you determine the risk with nominal values: Low, Medium, High (or also can use 1, 2, 3). In this case, you will need a table with the different values that can take the risk (based on the Impact and the likelihood).
Quantitative is when you determine the risk with numeral values, which can be also based on economical values. In this case, you need a formula, for example: Risk = Impact x Likelihood. In this case impact can be in terms of money, and likelihood in terms of %
We have a webinar where we talk about the risk assessment methodology and risk assessment, and we talk also about the differences between qualitative and quantitative risk assessment, but you need to buy our toolkit to see it, please if you need more information let us know.
This is the webinar Risk Management Part 1: Risk assessment methodology and risk assessment : https://www.iso27001standard.com/webinar/risk-management-part************************************************************* have received these questions:
1. How much does it to get the ISO 27001 certificatiion for a C4 or data Centre?
2. How long would it take to certify a C4 or Data Centre?
3. Do you have a partner in Mexico who we could work with?
Answer:
Point 1: Depends on the scope (people, sites, information systems, etc. involved), but normally the budget usually be between US$ 5.000 and 20.000. Anyway, please read this article How much does ISO 27001 implementation cost? : https://advisera.com/27001academy/blog/2011/02/08/how-much-does-iso-27001-implementation-cost/
Point 2: We have a free tool to calculate it, please see it here: https://advisera.com/27001academy/es/herramientas/calculador-gratuito-del-tiempo-de-implementacion-para-iso-27001-iso-22301/
Point 3: No sorry, but we give you all necessary documents for the implementation (in spanish), and also we give you support during the implementation.
Comment as guest or Sign in
Jan 12, 2016