Expert Advice Community

Guest

Risk Assessment

  Quote
Guest
Guest user Created:   Sep 10, 2020 Last commented:   Sep 10, 2020

Risk Assessment

Looking for your expert opinion.
Background:My ISMS scope consist of 3 scopes :1) Data Center 2) Portal Maintenance & 3) A critical business process e.g: driving license application
Question: Can I use asset based risk assessment or should I use process based risk assessment? Appreciate your expert view.

0 0

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Sep 10, 2020

First is important to note that ISO 27001 does not prescribe an approach to be used for risk assessment, only what must be performed.

Considering that, we generally recommend the asset-based risk assessment, because it is easier to perform. However,  with the process-based risk assessment you can have a more understandable context to identify and evaluate risks, so the decision about which approach to use will depend on the competencies you have available and objectives you want to achieve.

These materials will provide you a further explanation about risk assessment approaches:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Sep 10, 2020

Sep 10, 2020

Suggested Topics

Guest user Created:   May 07, 2021 ISO 27001 & 22301
Replies: 1
0 0

Risk assessment

Guest user Created:   May 05, 2021 ISO 27001 & 22301
Replies: 1
0 0

Risk assessment treatment

Guest user Created:   Apr 21, 2021 ISO 27001 & 22301
Replies: 1
0 0

ISMS & BCMS risk assessment