Expert Advice Community

Guest

Risk assessment

  Quote
Guest
Guest user Created:   Dec 12, 2020 Last commented:   Dec 12, 2020

Risk assessment

Junto con saludarte, te comento que estoy haciendo mi evaluación de riesgo y tengo unas dudas al respecto.

 Por ejemplo, uno de mis activos es el servidor, las amenazas sobre el son varias, por ejemplo: fuego, inundación, etc… si yo ya tengo disminuidas esas amenazas poniendo sistema antiincendios, alarmas, extinguidores, sala aislada, etc…tengo que incorporarlas dentro de mi evaluación? Y de ahí asignarles un valor que resultara en aceptable o inaceptable? O la evaluación de riesgo se hace con lo que ya esta implementado…

(Along with greeting you, I tell you that I am doing my risk assessment and I have some doubts about it.

For example, one of my assets is the server, the threats on it are several, for example: fire, flood, etc ... if I already have those threats reduced by putting a fire system, alarms, extinguishers, isolated room, etc ... I have to incorporate them within my evaluation? And from there assigning them a value that would result in acceptable or unacceptable? Or the risk assessment is done with what is already implemented ...)

0 0

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Dec 12, 2020

When you assess the impact and the likelihood of a set of asset-threat-vulnerability for which you already have implemented controls, you have to take into account the existing controls (because they decrease the probability of your risk). In such cases, you need to include in your assessment the information about the "existing controls" (e.g., you can use a plain description of the control, without referring to ISO 27001 or ISO 27002).

For further information, see:
- Why is residual risk so important? https://advisera.com/27001academy/knowledgebase/why-is-residual-risk-so-important/
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-risk-management-in-plain-english/
- Free online training ISO 27001 Foundations Course http://training.advisera.com/course/iso-27001-foundations-course/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Dec 12, 2020

Dec 12, 2020

Suggested Topics