In February 2020 I bought the Advisera ISO 27001 tool kit and I am now making good progress with the ISO 27001 project.
Currently, I am working on the Risk Assessment in your excel file template.
Our company has 35 employees and we operate as a service provider in the field of real estate investment management for institutional clients.
At this point I have identified 191 threats for various assets in our company. Out of these 191 threats only 35 are categorized as „unacceptable“ risks.
Somehow I fear that this number may be too low and my risk assessment may be too optimistic.
Do you have any thoughts on my numbers?
Thank you very much in advance for your help.