Residual Risk Calculations

Tanya S Created:   Dec 01, 2023 Last commented:   Dec 06, 2023

Hi, I understand that the Conformio software automatically calculates the residual risk after controls are added. So, two questions:

1. What is the recommended basis for controls? Is more better, as in comprehensively covered, or the minimum needed to reduce the residual risk?

2. Do we assume that the controls reduce the impact rating? I'm unsure of how that will happen. Can you please explain? For example - Desktop Computers > Downloads from internet not controlled > Infections with malicious software > Controls chosen are: A.5.7, A.5.10, A.5.17, A.5.24, A.5.25, A.5.26, A.5.27, A.5.28, A.5.37, A.6.1, A.6.2, A.6.3, A.6.4, A.6.8, A.8.7, A.8.19, A.8.21

The residual risk is now 0, but I don't understand how the impact is reduced to 0 with these. Please help.

Thanks

Admin
Tihana Dec 06, 2023

Thank you for your question.

We answered it through Experta. You can find the answer here:

  1. https://experta.com/shared-post/7210f1ed-cd97-4aec-9c6f-19f873423b02
  2. https://experta.com/shared-post/1bb10439-8dab-4de6-98f5-152abb676119