Expert Advice Community

Home / ISO 27001 & 22301 / Questions on Risk treatment table

Guest

Questions on Risk treatment table

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   Mar 31, 2016 Last commented:   Mar 31, 2016

Questions on Risk treatment table

ISO 27001 & 22301
For Risk Treatment Table, do we need to copy all the risks from risk assessment table or only with high risk?
0 0

Assign topic to the user

ISO 27001 RISK ASSESSMENT TABLE

Implement risk register using catalogues of vulnerabilities and threats.

ISO 27001 RISK ASSESSMENT TABLE

Implement risk register using catalogues of vulnerabilities and threats.
Expert
Dejan Kosutic Mar 31, 2016

Answer: You should copy only those risks that are not acceptable - if you're using our Risk assessment methodology, the risks with values 3 and 4 are not acceptably.

And for certain risks, can we have same control? Like I have few assets with the risk of Disclosure/Leakage of Information, can I apply Confidentiality or disclosure agreements control for that risks?

Answer: Sure, you can apply some controls for several risks, while other controls will be applied only for one risk; further, you should apply several controls for one risk, just to make sure that risk is decreased.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 31, 2016

Mar 31, 2016

Suggested Topics
Guest user Created:   May 04, 2023 ISO 27001 & 22301
Replies: 3
0 0

Risk assessment and treatment
Guest user Created:   Nov 27, 2022 ISO 27001 & 22301
Replies: 1
0 0

Risk Treatment and RTP
Guest user Created:   Sep 13, 2022 ISO 27001 & 22301
Replies: 1
0 0

Different companies in scope ISO 27001