Guest user Created: Sep 05, 2019 Last commented: Sep 05, 2019

Risk assessment approach

I was reading this article from instructor located at this location…https://advisera.com/27001academy/blog/2016/04/04/iso-31010-what-to-use-instead-of-the-asset-based-approach-for-iso-27001-risk-identification/

Tags: risk assessment approach

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Sep 05, 2019

Per this article ISO does not recommend asset based risk assessment, so why are you selling documentation based on old format.

Do you have any documentation based on new format?

Answer: Sorry, but I think there is a misunderstanding here

ISO 27001:2013 in fact does not require the use of an asset-threat-vulnerability approach for risk assessment anymore, but this does not mean that it is not recommended, only that organizations can adopt other approaches they consider are better suitable for them. They still can use the asset-threat-vulnerability approach if they want, and since this is still the most popular and the most optimal way to implement risk assessment we decided to keep it in our documentation.

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Sep 05, 2019

Expert Advice Community