Assign topic to the user
Answer:
You have to calculate the residual risk after the definition of the risk treatment to be applied. At this point the residual risk is the risk value you expect to achieve with the implementation of the controls. After the implementation of the controls, the risk value you will measure will confirm if the previously calculated residual risk is right or if you need to perform adjustments in the control implementation.
These articles will provide you further explanation about risk assessment:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
- Why is residual risk so important? https://advisera.com/27001academy/knowledgebase/why-is-residual-risk-so-important/
These materials will also help you regarding risk assessment:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
Comment as guest or Sign in
Jul 20, 2019