Expert Advice Community

Questions about risk management

Guest user Created:   Jan 13, 2016 Last commented:   Jan 13, 2016

AntonioS Jan 13, 2016

I have some questions about information security management systems. Thank you for answering these questions. I apologize for my poor English writing.

1. What is the information security risk management process? (process of risk management)
2. What is the purpose and meaning of organizing assets? (organize assets)
3. What are the methods of valuation of assets? (asset evaluation methods)
4. What do these concepts mean: threats, vulnerabilities, control, accident and consequences?
5. What is the formula to calculate the risk?
6. What is the strategy to deal with the risk?

Answers:

1. With the process of risk management, basically you can identify risks (related to information security) in your business and reduce them (with security controls). For more information about the process, please read this article, “ISO 27001 risk assessment & treatment – 6 basic steps”: https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
2. I suppose that your question is related to the inventory of assets. If so, the purpose and meaning of the inventory is to have identified and categorized all assets, because they have a value for the business, and if you have based the risk management on assets, you can calculate risks related to them and protect them. Although it is not mandatory to perform the risk management based on assets, it is recommended. This article can be interesting for you, “How to handle Asset register (Asset inventory) according to ISO 27001”: https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
3. Basically there are 3: quantitative, qualitative and semi-quantitative.
4. Threat: potential cause of an unwanted incident, which may result in harm to a system or organization; vulnerability: weakness of an asset or control that can be exploited by one or more threats; control: measure that modifies risk; accident (this is the same as an event): occurrence or change of a particular set of circumstances; consequence: outcome of an event affecting objectives.
5. It depends on the methodology of risk management; an example can be: Risk = Consequences + Likelihood. This free webinar can be interesting for you, “The basics of risk assessment and treatment according to ISO 27001”: https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
6. Basically you have 4 options: reduce, accept, avoid or transfer. This article can be interesting for you, “Risk Treatment Plan and risk treatment process – What’s the difference?”: https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#treatment

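As an added example (not from the original post or from Advisera), the following Python script applies the additive scale quoted in answer 5 (Risk = Consequences + Likelihood) to a small, constructed asset/threat/vulnerability register and maps each scored risk to one of the four treatment options from answer 6. The 1..3 scoring scale, the acceptance threshold of 3 and the selection policy for "avoid" and "transfer" are assumptions for illustration, not part of the standard.

```python
from dataclasses import dataclass

# Assumed qualitative scale: 1 = low, 2 = medium, 3 = high (so Risk ranges 2..6).
ACCEPTABLE_RISK = 3  # assumed acceptance threshold; a real ISMS sets its own


@dataclass(frozen=True)
class RiskEntry:
    """One row of the risk register: an asset, a threat that can harm it and the
    vulnerability the threat exploits (the terms defined in answer 4 above)."""
    asset: str
    threat: str
    vulnerability: str
    consequence: int          # 1..3, impact on objectives if the event occurs
    likelihood: int           # 1..3, how probable the event is
    transferable: bool = False  # e.g. insurance or outsourcing is available
    avoidable: bool = False     # e.g. the risky activity could simply be stopped

    def risk(self) -> int:
        # Additive formula quoted in answer 5: Risk = Consequences + Likelihood
        for name, value in (("consequence", self.consequence), ("likelihood", self.likelihood)):
            if value not in (1, 2, 3):
                raise ValueError(f"{name} must be 1, 2 or 3, got {value}")
        return self.consequence + self.likelihood


def choose_treatment(entry: RiskEntry, acceptable: int = ACCEPTABLE_RISK) -> str:
    """Map a scored risk to one of the four treatment options (reduce, accept,
    avoid, transfer). The order of preference here is an assumption."""
    if entry.risk() <= acceptable:
        return "accept"       # within appetite, document the acceptance
    if entry.avoidable:
        return "avoid"        # remove the source of the risk altogether
    if entry.transferable:
        return "transfer"     # shift the consequence to a third party
    return "reduce"           # apply security controls to lower the score


def build_register(entries):
    """Return (asset, threat, vulnerability, score, treatment) rows, highest risk first."""
    rows = [(e.asset, e.threat, e.vulnerability, e.risk(), choose_treatment(e)) for e in entries]
    return sorted(rows, key=lambda row: row[3], reverse=True)


# Constructed sample register (not real assessment data).
SAMPLE = [
    RiskEntry("Customer database", "Unauthorized access by external attacker", "unpatched web application", 3, 2),
    RiskEntry("Laptop fleet", "Theft", "no full-disk encryption", 2, 2, transferable=True),
    RiskEntry("Office printer", "Paper jam", "aging hardware", 1, 1),
]

if __name__ == "__main__":
    for row in build_register(SAMPLE):
        print(row)
```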
