Risk assessment
Answer:
For an asset-threat-vulnerability risk assessment approach, a reasonable quantity of identified threats will depend on the quantity of identified assets. A good parameter is to consider 5 threats for each asset identified. Less than 5 threats per asset and you may leave out a relevant risk related to that asset. More than 5 threats per asset and you will probably have a big number of minor risks that will only make your work unnecessarily complex. It is important to note that the same threat can be associated with different assets, so, for example, for 3 assets you do not need to identify 15 different threats.
This article will provide you with further explanation about risk assessment:
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
These materials will also help you regarding risk assessment:
- The basics of risk assessment and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
Apr 10, 2019